The coronavirus (COVID-19) is continuing to impact the globe in an unprecedented fashion, shutting down schools, cities and even entire countries. The novelty of this situation is spreading fear and uncertainty worldwide, especially among those who may have ignored concerns at first and assumed they would not be affected by the outbreak. In the wake of President Donald Trump declaring a national emergency to help curtail the spread of the virus, it’s clear the situation will worsen before it gets better. It’s more important than ever to remain level-headed and remember to follow best practices for both personal and cyber hygiene.
Cybercriminals are exploiting the vulnerable public during this time of crisis by launching massive phishing campaigns. This is nothing new. Online scammers always try to profit from difficult times. Predictably, phishing incidents started to flare up across the globe once hysteria began surrounding this global health emergency. World events that dominate headlines and engender feelings of alarm or panic are often a breeding ground for bad actors. Online scammers have spoofed virologists and reputable health organizations and even set up malicious websites, all in the hopes of tricking unwitting victims. Phishing attacks inherently succeed against only a small number of victims, but those results can add up for persistent cybercriminals. And the simplest way to combat this sort of scheme is by educating yourself.
No doubt you have seen instructions to follow the guidance of credible organizations such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) for new developments around the coronavirus. Should you, however, receive unsolicited emails from these sorts of organizations or from experts claiming to offer help, remain vigilant and try to discern if the email is genuine. Phishing emails can range from conspicuous to deceptive, so knowing the warning signs can go a long way in practicing proper cyber hygiene.
First, ask yourself if you have an account or relationship with the company/organization or person contacting you. If not, it may be a scam. Further, any unsolicited email that requests your personal or financial information, even from an entity you trust, should raise a red flag. Immediately reach out to customer support to verify the legitimacy of this email, and if you can confirm that it is fake—or you are still unsure—report the attack to the Anti-Phishing Working Group and Federal Trade Commission.
Other signs to look out for include:
- Does the email contain typos?
- Does the sender’s email address look genuine?
- Are there links or attachments in the email?
- Is the email fear-inducing?
Again, some phishing emails are more conspicuous than others. In the past, for instance, you may have received an email from a friend, family member or coworker asking you to wire over money. The email may reference another friend or colleague and even address you in a manner that is consistent with the sender’s usual tone. These sorts of emails, known as spear-phishing attacks, are often more deceptive because they are so personalized. Cybercriminals leverage breached data, in combination with publicly available information, to initiate a number of social engineering attacks.
While it is important for companies to implement tools that filter spam and identify compromised employee accounts that are circulating in the deep and dark web, at the end of the day, technology alone cannot address this issue. No matter how sophisticated and enhanced a company’s security measures are, all it takes is one person—the weakest link in the chain—to provide an attack vector, most of the time without even realizing it. As individuals, we must continue to make smart cyber hygiene decisions to keep ourselves, and our networks, safe.