It’s a shame that in the midst of a global pandemic, scammers are looking for ways to capitalize on everyone’s fears for their own personal profit. But unfortunately, the hackers look for any opportunity they can get, and the newest one is the Coronavirus (COVID-19).
New phishing scams related to coronavirus are filling up the inboxes of both employees and individuals. They use new tactics and the air of uncertainty about the outbreak to trick users into downloading malware onto their computers or giving up their login credentials.
94% of all malware is delivered via email. It’s a hacker’s favored method due to how cheap and effective it is. Hackers are also overwhelmingly switching from file attachments to URLs that link to malicious sites as a way of getting past antivirus/anti-malware defenses.
Every minute, $17,700 is lost due to phishing scams.
The best IT security protections that Treasure Valley residents and businesses can take against these new scams include:
- Awareness (knowing what to watch out for)
- Strong, behavior-based antivirus/anti-malware
- Web protection that blocks malicious websites
- Following best practices for phishing (hovering over URLs before clicking, pausing if an email is unexpected or “too good to be true,” etc.)
Be on the Lookout for These COVID-19 Scams
In our efforts to keep our clients safe and aware of the latest cyberthreats out there, our Connect2Geek Team has researched the latest Coronavirus phishing scams, so you’ll know what to watch out for.
CDC Alert Scam
The Centers for Disease Control (CDC) has been front and center in the news during this pandemic and this particular scam uses that familiarity to trick recipients.
The email pretends to be an alert from the CDC that says they are continuing to monitor COVID-19 and that they’ve established an “Incident Management System.” The email then provides a link to an “updated list of new cases around your city” and asks you to immediately go through the cases at the link.
Of course, the link is not legitimate and takes you to a malicious webpage.
Workplace Policy Scam
This scam is targeted at employees and claims to be from a company’s human resources department. It states in part:
“Due to the coronavirus outbreak (company) is actively taking safety precautions by instituting a Communicable Disease Management Policy. This policy is part of our organizational preparedness and we require all employees to read and acknowledge the policy before (date).”
This scam uses the popular tactic of urgency by setting a deadline by which the user must read the policy. The term “Communicable Disease Management Policy” is hyperlinked, and if the user clicks on it, it downloads malicious software onto their system.
Health Advice Scam
People are looking for all types of answers on how to protect themselves and their loved ones from the virus and this next phishing scam exploits that.
It purports to provide medical advice from experts near Wuhan, China (where the outbreak started), and says “this little measure can save you.” It includes a malicious link.
False Claims of Vaccines or Cures
Government and medical experts have confirmed that there is no vaccine as yet for Coronavirus and that it takes about 12-18 months to properly trial a vaccine before it can be publicly released. Yet people are often desperate to try anything.
Scams that prey on that desperation promise fake cures for COVID-19 and can take advantage of people in a few different ways:
- Linking to malware that downloads automatically
- Taking the user to a false sign-in page to steal their login for an account
- Selling them a fake product for hundreds of dollars
Charitable Donation Scams
Phishing scams that use charitable donations to get your money and access to your payment card details are not new. They pop up after major disasters, such as hurricanes and tornados, and unfortunately fool many people.
COVID-19 is the latest ploy that phishing scammers are using to send fake requests for charitable donations that they say are designed to help the elderly or other potentially vulnerable people with supplies, etc.
Practice Smart Anti-Phishing Practices
To avoid these new Coronavirus-related phishing scams, as well as other scams that you’ll see in your inbox throughout the year, it’s important to follow some best practices.
Go to Websites Directly
A majority of phishing emails don’t technically contain malware, so they get through basic (non-advanced) protections. Instead they use links to malicious forms or websites.
Whether it’s a link to purported medical information from the CDC or a “charity” asking for a donation, don’t visit the site through an email link.
If you really want to donate or find out more information, go to a legitimate website directly by typing the URL in your browser.
Legitimate COVID-19 information sites include:
https://www.who.int/health-topics/coronavirus
https://www.nih.gov/health-information/coronavirus
Don’t Trust Unknown/Unexpected Emails
It’s best to take a suspicious stance with any emails that are unexpected. This includes hovering over links before clicking them and checking around your office to see if that email purporting to be from the HR department is legitimate.
Be highly suspicious of clicking any link in an email if it’s from a sender you don’t know, comes out of the blue, or doesn’t “sound like” the sender (email accounts often get hacked).
Use Advanced Anti-Phishing and Web Protection Tools
Advanced anti-phishing software does more than just check for malicious file attachments. It’s designed to detect malicious links and uses tactics such as sandboxing and behavior monitoring to identify threats.
Web protection (also known as DNS filtering) can block a malicious site even after a user clicks the link.
Stay Safe with Security Tools & Monitoring from Connect2Geek
Connect2Geek works with both residential and business clients in the Treasure Valley area. We can ensure you have the security you need to protect yourself and your network against malicious phishing scams.
Contact us today for a free consultation! Call 208-468-4323 or reach out online.