We are through our 1st successful week of Work From Home. By now all know our Health-related protocols and preventive measures. It's time to take precautions to make sure our systems don't get infected too. The overwhelming amount of news coverage surrounding the novel coronavirus has created a new danger — phishing attacks looking to exploit public fears about the sometimes-deadly virus.
How does this work?
Cybercriminals send emails claiming to be from legitimate organizations with information about the coronavirus.
The email messages might ask you to open an attachment to see the latest statistics. If you click on the attachment or embedded link, you’re likely to download malicious software onto your device.
The malicious software — malware, for short — could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft.
Here’s some information that can help.
How can you spot a Coronavirus phishing email?
Coronavirus-themed phishing emails can take different forms, including these:
1. Govt alerts
Cybercriminals have sent phishing emails designed to look like they’re from the Ministry. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazards,” the text of one phishing email reads.
What do the emails look like? Here’s an example:
2. Health advice emails
Phishers have sent emails that offer purported medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts near Wuhan, China, where the coronavirus outbreak began. “This little measure can save you,” one phishing email says. “Use the link below to download Safety Measures.”
Here’s what a fake health-advice email looks like.
3. Workplace policy email
Cybercriminals have also targeted employees’ workplace email accounts. One phishing email begins, “All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software.
Here’s an example.
How can we avoid scammers and fake ads?
Scammers post ads that claim to offer treatment or cures for the coronavirus. The ads often try to create a sense of urgency — for instance, “Buy now, limited supply.”
At least two bad things could happen if you respond to the ads.
One, you might click on an ad and download malware onto your device.
Two, you might buy the product and receive something useless, or nothing at all. Meanwhile, you may have shared personal information such as your name, address, and credit card number.
Bottom line? It’s smart to avoid any ads seeking to capitalize on the Coronavirus.
5 tips for identifying and avoiding phishing emails
Like other types of phishing emails, the email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft. Here are some tips to avoid getting tricked.
Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
Where can I find legitimate information about the coronavirus?
It’s smart to go directly to reliable sources for information about the coronavirus. That includes government offices and health care agencies.
Here are a few of the best places to find answers to your questions about the coronavirus.
Follow your Covid-19 team's emails for the latest. You can find ours here.
Follow WHO for a range of information, including how to protect yourself, travel advice, and answers to common questions.