It’s common for cyber-criminals to leverage current events in their scams. The ongoing, worldwide response to the COVID-19 virus is no different. The bad guys use urgency, fear, and uncertainty among other common human responses to entice individuals to take actions that otherwise they would not consider.
The current cyber threats related to COVID-19 fall into three broad categories:
· Phishing and social engineering scams
· Sale of fraudulent or counterfeit goods
Some of the ways that the malicious actors are currently exploiting COVID-19 include the following methods:
· Phishing emails impersonating health organizations and using other COVID-19 lures.
· Malicious mobile apps that are disguised as COVID-19 infection trackers and similar tools but are actually ransomware, information stealers, or other malware.
· Fake COVID-19 websites that entice users to download malware or to provide credentials.
· Shortages of healthcare equipment or some household products are being exploited by some disreputable online sellers and some underground websites offer phony vaccines, fake medical equipment, and other fraudulent goods for sale.
· Misinformation is being spread on social media and other platforms, which may create panic and further shortages of goods.
· Creation of fake charities or other “good cause” scenarios to solicit donations from well-meaning individuals.
Finding a Phish
Be on the lookout for the following five signs of a phishing email:
1. The email plays on fear and urgency in order to generate action.
2. It asks for credentials, personal, or financial information.
3. It uses an unfamiliar greeting such as “Sir/Madam.”
4. It came from a sketchy or unusual email address.
5. There are spelling or grammatical errors.
Click here to review the sample 'COVID-19' themed phishing email for signs of a phish.
Working From Home
Also, as many of you begin shifting to working from home options, be sure to keep yourself secure by considering the following:
· Being alert for phishing and other scams, as covered above.
· Using secured WiFi (wireless) connections.
· Practicing good password security such as not sharing or writing-down passwords.
· Ensuring that updates are applied when made available by your IT or 3rd party IT support teams.
· Not allowing friends or family to use your work equipment.