The huge amount of news coverage surrounding COVID-19 has created a new danger; phishing attacks looking to exploit our fears about the virus. How does it work?
Cybercriminals or hackers send emails, claiming to be from legitimate companies with information about the coronavirus. These emails may ask you to open an attachment to see the latest statistics. If you click on the attachment or embedded link, you’re likely to download some form of malicious software (or malware) onto your device. This malware could allow these cybercriminals to take control of your computer or access your personal information and financial data, which could lead to identity theft.
COVID-19 has affected the lives of millions around the world. It’s impossible to predict its long-term impact but it is possible to take steps to help protect yourself against coronavirus-related scams.
Workplace policy emails. Cybercriminals have been targeting employees’ workplace email accounts. One phishing email begins, ‘All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.’ If you click on the fake company policy, you’ll more than likely download malware. Here’s an example.
Health advice emails. Emails have been sent that offer purported medical advice to help protect you against the coronavirus. The emails may claim to be from medical experts near Wuhan, China, where the coronavirus first appeared. ‘This little measure can save you,’ one phishing email says. ‘Use the link below to download Safety Measures.’
Here’s some tips and tricks to stop you from becoming the victim of a phishing email:
- Stay clear of emails that urge you to act now. Phishing emails often try to create a sense of urgency and demand immediate action. It is easy to do so when all the media is raving about the subject at hand instead take a breath and delete it.
- Search for generic greetings. These emails will probably not use your name. Greetings like ‘dear sir/madam’ are a sign that the email probably isn’t legit.
- Watch for spelling and grammar mistakes. If your email includes mistakes with punctuation, spelling or grammar, odds are it’s a phishing email. Delete it.
- Check the email address that the email is sent from or hover your mouse over the URL to see where it leads. Sometimes it’s obvious that it’s fake but some phishers go to great lengths to make their emails seem real. If you see anything fishy (no pun intended) with the link or email address, delete it.
- As a general rule, never respond to emails that request personal data.
Other than that, stay safe out there.