As with any other large-scale event, scammers around the world are attempting to capitalize on fear, confusion, misinformation and desperation by using coronavirus/COVID-19 themes in many types of phishing email scams. The Secret Service issued a COVID-19 Phishing Alert press release on March 9 to warn the public about an opportunistic rise in malicious activity.
These scams include: phony information sites containing malware, solicitation of donations to causes related to the virus, miracle cures, or vaccinations (which do not yet exist) – pretty much anything you can imagine. Their goal: to get you to click on a hyperlink or open an attachment. Either of which can mean very bad things for your computer and possibly the rest of your computer network.
Now is the best time to alert your employees of the uptick in scams and train them on best practices to avoid becoming a victim of cybercrime.
More advanced users can check the email header, which is generally more reliable in indicating the true sender. Open source email header analyzers are available. One I use is MX Toolbox. Different email clients have different ways of viewing the header, but once you find it, copy the email header and paste it into an email header analyzer.
Hyperlinks are just as dangerous as attachments as they connect your computer to an unknown server with unknown intent. It may be a fake or copied website attempting to obtain information from you. It may have permission pop-ups that trick you into clicking on them, which may allow the scammers to download a keylogger, ransomware or other malware to your computer.
It’s only natural for your employees to want to learn more about the COVID-19 outbreak status. Make sure they are going to reputable sites for their information versus unknown websites that appear in search results or in email messages. Reputable sites include:
About 35% of employees will click on things they should not, even after training. So yes, you should definitely still train them, but also use other backstops as possible.
It’s a constant cat and mouse game with cybercriminals. This is one of the reasons why investing in data security at an appropriate level for your business has become a cost of doing business in our technology age. It’s unfortunate, but it’s better to be safe than vulnerable.