During every national emergency situation, there are always scammers who look to capitalize on people during times of distress. Scammers have already begun to take advantage of the current state of emergency due to the Coronavirus pandemic. Similar to Hurricane Sandy in 2012, phishing scams have begun to plague our inboxes. Coronavirus phishing scams may come in the form of a statement or request from someone impersonating a Centers for Disease Control (CDC), World Health Organization (WHO), or similar agency official. They may even use domain names similar to those of the CDC and WHO.
These emails often have an urgent and alarming tone to them, and ask you to submit information or payment via a donation or even bitcoin. Both the CDC and the WHO have put out statements that condemn these scams and warn citizens against them.
In addition, since many people are working from home and utilizing remote teleworker solutions for the first time, some scammers may try to impersonate emails from IT departments, trick users to divulge login information by directing them to fake login pages, or have users access false remote document storage pages just to steal their credentials.
Fortunately, recognizing a fraudulent email is relatively easy if you take certain steps to analyze the content of the email.
- Look at the sender name. Often the sender’s name will be familiar, but the email address or domain name is “mysterious”.
- If the email includes a link or documents to download that you weren’t expecting, pick up the phone and call the sender for verification. Don’t simply reply to the email as the scammer may be the one responding.
- Hover your mouse over links; the address will appear over the link or at the bottom of your email screen. Does it look “phishy”? If so, do not click.
- Is there a signature in email? Does it look legitimate?
- Are words misspelled? Is the body written with poor grammar?
- Is the email asking you to fill in personal or financial information?
Reading the email with this level of scrutiny will certainly help you decide if you should report the message to your IT team and alert your company to a potential risk.
Keep in mind, scammers also spread “clickbait” via social media. These posts may promise information about how to treat the virus or maybe ask for a donation to help fund a fake vaccine against the virus. The aim is to steal the victim’s personal or financial information.
The best way to combat these phishing scams is through training and educating your employees on how to spot them. Our blog page has many useful articles on phishing, ransomware and other cyber security threats.
If you have any questions relating to this risk or need help with any cyber risk related issues, please contact Jon Edwards, Partner, Cyber Risk Advisory, at 732-395-4281 or firstname.lastname@example.org