There are increasing reports of scams and phishing attempts referencing COVID-19. These attacks often appear as innocent emails looking for assistance or providing information regarding the COVID-19 crisis. Bad actors are taking advantage of this crisis to prosper or do damage. Their criminal actions are becoming more and more sophisticated and look very official, as though they come from government agencies and health organizations.
It is critical to remain vigilant with all email correspondence and websites, but particularly those referencing COVID-19 updates, maps, donations, notifications, etc.
To avoid becoming a victim, follow the guidelines below:
- Never click on links or open attachments within unexpected emails.
- If you receive a suspicious email appearing to come from a legitimate organization such as CDC, WHO, FEMA, etc., confirm its legitimacy. Hover over each link to make sure it directs you to the official site. Report suspicious email to your company’s Information Security Department.
- If you visit a website or receive a pop-up window directing you to a phone number for support desk assistance, DO NOT call the number; instead, contact your company’s Information Security Department.
- Never share your password with anyone.
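For teams that triage reported messages, the hover check above can be automated. The following is an added example, not part of the original advisory: it compares the address a link displays with the host it actually points to. The allowlist of official domains, the function names and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: official domains of the organizations the advisory names.
OFFICIAL_DOMAINS = {"cdc.gov", "who.int", "fema.gov"}

# Constructed sample email body (reserved example.* domains, not real indicators).
SAMPLE = """<a href="https://cdc-gov.example.net/covid">www.cdc.gov/coronavirus</a>
<a href="https://www.cdc.gov/coronavirus/">CDC guidance</a>
<a href="http://relief-fund.example.org/donate">Donate now</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # only keep text inside an open <a>
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def host_of(url):
    # urlsplit only finds the host after "//"; visible text often omits the scheme
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def review_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target, first = host_of(href), (text.split() or [""])[0]
        shown = host_of(first) if "." in first else ""  # text that looks like an address
        if shown and shown != target:
            verdict = "MISMATCH"  # displayed address differs from the real destination
        else:
            verdict = "official" if is_official(target) else "unverified"
        findings.append((verdict, text, target))
    return findings
```

Calling `review_links(SAMPLE)` returns one `(verdict, visible text, destination host)` tuple per link. An "unverified" verdict means only that the destination is not on the allowlist, so the message still needs confirmation through the Information Security Department.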
Trends noted to date include:
- Malicious Websites – sites referencing coronavirus or COVID-19 in the URL. Thousands of new websites have recently been registered to distribute malware when the user accesses the site.
- Spam – emails trying to grab your attention to sell information or goods now in high demand such as masks, hand sanitizers, COVID-19 drugs, etc.
- Phishing – emails posing as coming from legitimate organizations such as Center for Disease Control (CDC), the World Health Organization (WHO), Federal Emergency Management Agency (FEMA), etc. These emails contain malicious links, and some are collecting personal information.
- Fake Charities – emails and websites asking for donations for studies, healthcare professionals, victims, or other activities related to COVID-19.
- Fake internal HR or IT communications such as coronavirus surveys pretending to be from your company’s HR or IT department – these sites are attempting to obtain your User ID and password or other personal information.
- Fake notification of infection – beware of emails reporting you have been exposed to an infected individual, particularly ones asking for personal information to proceed.
Always Think Before You Click.