Defending against coronavirus phishing scams

The coronavirus, or COVID-19, pandemic has forced businesses across the United States to step up their social distancing and work measures to keep employees safe. But every time a major event happens, cybercriminals also come out of the woodwork. In the case of the coronavirus pandemic, cybercriminals are exploiting people’s fears about the outbreak to steal personal information.

Phishing scams, which involve sending fraudulent emails to trick people into clicking links or opening malware attachments, are becoming more prominent during the coronavirus outbreak. Many concerned individuals who are seeking more information about the pandemic are especially vulnerable to these scams. To defend yourself and your employees from coronavirus phishing scams, here’s everything you need to know.

Common types of coronavirus scams

  1. CDC alerts

    Cybercriminals have been using phishing emails designed to look like they’re from the Centers for Disease Control. The email might claim to have an accurate list of coronavirus cases near the target’s area, and “advises” them to click on a link to get more details. Upon clicking on any links, users are directed to a sign-up page, but in reality, it is just a fraudulent site designed to steal information.

    Leveraging the reputation of a government agency or well-known organization is a common tactic among cybercriminals. In fact, CDC-themed phishing emails aren’t the only things you and your employees have to worry about. Unsolicited emails claiming to be from the World Health Organization, Department of Homeland Security, and even the Chinese Health Ministry can be part of a phishing attack.

  2. Health advice emails

    Phishers send emails that appear to offer medical advice to protect users from the coronavirus. To sound authentic, these emails may claim to be from medical experts in Wuhan and use complex medical terms. However, in most cases, any information regarding symptoms and sanitary practices is pulled directly from health and safety advisory websites.

    These emails then trick unwitting users into clicking links and attachments purporting to be an official website or leaflet. Much like every phishing scam, however, these links and attachments can install dangerous malware that steals sensitive information.

  3. Company announcement emails

    Another common phishing tactic making the rounds is fake workplace policy emails regarding coronavirus. Cybercriminals often masquerade as senior-level managers or HR staff within a company and send emails about instituting a “communicable disease management policy.” While it’s common practice for businesses to have one, these fraudulent emails will usually include a link that spreads malware when clicked.

  4. Fake cure promotions

    The most egregious phishing scams are those offering coronavirus cures that are in limited supply. These emails may have flowery marketing language and provide links that take victims to a website asking for billing information.

    But the important thing to note is that there are currently no specific vaccines or medicines for COVID-19. People are advised to check with verified news sources and the WHO website if there are any developments on this front. In any case, it’s best to avoid unsolicited emails that seem to profit off of the coronavirus.

How to spot coronavirus-themed scams

Although email security software can keep a majority of phishing emails out of your inbox, you must also learn how to recognize and avoid them. This means you need to do the following:

  1. Never share personal information – Any unsolicited email that asks for sensitive information, whether it be coronavirus-themed or otherwise, should be avoided at all costs. Legitimate organizations will never ask for login credentials, Social Security numbers, or other credentials via email.
  2. Inspect links thoroughly – Hover your mouse pointer over the link to see its real destination. If the destination is an address you don’t recognize, never click on the link. However, keep in mind that scammers can create links that closely resemble legitimate addresses, so when in doubt, delete the email.
  3. Check for grammatical errors – Be careful if you see an email with poor spelling, grammar, and punctuation. This often indicates that the email was composed by a scammer, rather than a professional in a legitimate company.
  4. Watch out for generic greetings – The most successful scammers cast a wide net, hoping to catch several people off guard. Due to this, many coronavirus phishing emails will have generic messages like “Dear [company name] client.”
  5. Beware of emails that create a sense of urgency – Phishing emails may urge people to register to fake medical websites or purchase medicine before it goes out of stock. Whatever the email urges you to do, don’t be fooled.

Phishing scams are ever-evolving, so it’s not enough to learn how to spot these red flags. What’s important is that you’re cautious of every email, link, or attachment you encounter. Being constantly vigilant will keep you safe from coronavirus phishing emails and other dangerous online scams.

If you need more advice regarding cybersecurity, Intouch IT is your best option. Read our free eBook: 3 types of cybersecurity solutions your business must have to learn more.