COVID-19 phishing emails: The second virus you didn't see coming
As the coronavirus spreads around the world, much of the workforce has been invited to work remotely for the next few weeks. It is important to uphold current security measures as well as implement new security measures to ensure the safety of your organization. Cyber criminals are exploiting the panic and confusion caused by COVID-19, sending phishing emails to lure people into downloading a “different kind of virus.” As if there wasn’t enough to worry about with the coronavirus on its own.
Unfortunately, we often see this pattern in emergency situations. It has become commonplace for bad actors to take advantage of people while they are under stress from an emergency such as COVID-19. Bad actors are successful during these emergencies because people are vulnerable and caught off guard. They don’t expect an email from the World Health Organization (WHO) or Centers for Disease Control (CDC) to be fake.
In fact, the WHO published an announcement warning healthcare professionals about the dangers of bad actors disguising themselves as WHO to steal money and sensitive information.
According to WHO, they will:
- Never ask for your username or password to access safety information
- Never email attachments you didn’t ask for
- Never ask you to visit a link outside of www.who.int
- Never charge money to apply for a job, register for a conference, or reserve a hotel
- Never conduct lotteries or offer prizes, grants, certificates or funding through email
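For mail administrators, the "no links outside www.who.int" rule above can be checked mechanically. The following is an added example, not code from WHO or from this article: it parses a constructed sample message and flags every link whose real hostname is not www.who.int, including lookalike hosts. The sample email, its addresses and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The only link host WHO says it uses, per the list above.
ALLOWED_HOSTS = {"www.who.int"}

# Constructed sample message (not a real email).
SAMPLE = """From: "World Health Organization" <updates@who-int.example>
To: staff@example.org
Subject: COVID-19 safety measures
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p><a href="https://www.who.int/emergencies">Official guidance</a></p>
<p><a href="https://www.who.int.safety-portal.example/login">Sign in</a></p>
<p><a href="https://www.who.int@login.example/verify">Verify account</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def suspicious_links(raw_email):
    """Return (href, host) for each link that does not point at an allowed host."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    flagged = []
    for href in collector.links:
        # urlsplit separates userinfo ("www.who.int@") from the real host,
        # so the hostname is what the browser would actually connect to.
        host = (urlsplit(href).hostname or "").lower().rstrip(".")
        if host not in ALLOWED_HOSTS:
            flagged.append((href, host))
    return flagged

if __name__ == "__main__":
    for href, host in suspicious_links(SAMPLE):
        print(f"outside www.who.int: {host}  <- {href}")
```

Comparing the exact hostname, rather than searching the URL for the string "who.int", is what catches the second and third links in the sample.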
These phishing attempts are not limited to email. Criminals can use websites, phone calls, text messages, and even fax messages for their scams. During a public health emergency such as COVID-19, it is more important than ever to be vigilant while communicating through email, text, etc.
So, what can you do to protect yourself during this time?
- Go to the source for information. Visit WHO or CDC directly for information and updates about COVID-19.
- Do not click on any links or open attachments in unsolicited email messages. If it was an unexpected message or text, it is most likely a phishing email.
- Do not feel rushed to answer or provide information. Cybercriminals will try to take advantage of COVID-19 to get people to make quick decisions. It is important to take your time and ask if the information request is appropriate for the situation.
- Make sure your computer software and security features are up to date to prevent backdoors from being left open.
- Regularly back up your organization’s data and store it offline or on a different network.
- Encrypt sensitive data and ensure you have an incident response plan ready in case of an IT emergency.
The first step in avoiding a phishing attack is just knowing that over the next few weeks there will be an influx of emails about COVID-19. Some will be legitimate. Others will be maliciously trying to take advantage of the situation.
Be vigilant. Just as we wash our hands, sterilize our environment and practice social distancing to avoid contracting COVID-19, we should be taking the same precautions with our online communications. Be skeptical of emails, messages, and texts talking about COVID-19 or other things that seem out of the blue. Let’s take back some control and avoid being the next IT security outbreak for COVID-19.
What coronavirus scams are you seeing that others need to avoid?