As the Coronavirus Disease 2019
(COVID-19) pandemic continues to sweep across the globe and push government
health services to the brink, criminals have taken advantage of the widespread
chaos. With a continuous torrent of information about the virus flooding the
internet, bad actors are using the confusion to launch phishing attacks and
scams. Cybercriminals target regular people as well as healthcare front-liners
and first responders.
Be wary of phishing attacks and scams.
Cybercriminals impersonate legitimate
organizations and send emails with information about the coronavirus. The email
messages may contain an embedded link/attachment for the latest statistics,
instructions on how to stay secure, downloadable forms, or anything related to
the COVID-19 pandemic. If you click on the link or attachment, you’re likely to
download malware onto your system or be redirected to an infected website.
Common phishing and scam emails pretend to be CDC alerts that claim to have information about COVID-19 in your area.
Look out for health advice emails that pretend to contain useful medical advice that can help front line healthcare workers protect themselves. These emails pretend to be either from medical experts near Wuhan, China, or the World Health Organization (WHO).
Some criminals have also targeted company email containing a fake company policy attachment infected with malware. Watch out for emails with generic greetings (no names), grammatical errors, spelling mistakes, and messages that insist you “act now.” These are most likely phishing attempts.
What does malware do?
Malicious software or malware can give
cybercriminals a backdoor to your computer that allows them to take control of
everything without you knowing about it. Threat actors can install programs
that log your keystrokes or software that can harvest your personal and
financial data, which can be used for identity theft.
You can prevent malware from infecting
your system by installing security software (antivirus, firewall, VPN, password
manager) from a trusted vendor. You can also mitigate the risks of identity
proactive identity monitoring. There are a lot of paid identity
theft monitoring services that can watch out for data breaches and the illegal
use of your credentials.
Practice good online hygiene
Exercise caution when handling unsolicited emails, text messages and chat that contains a COVD-19-related subject line. These may contain links to fraudulent websites or attachments loaded with malware. Even if someone from your contacts sends you a forwarded message, don’t click on the link. Manually type the URL in your browser, and never download anything online unless it’s from a verified source. Never share your financial or personal data in an email or online form, and do not respond to anyone asking for this information, for whatever reason.
Always remain vigilant
Most of the pleas on social media, text or calls related to COVID-19 may also be scams, so be wary when you encounter one. Don’t believe everything you read. Only use trusted sources to get up-to-date information on COVID-19, such as legitimate news outlets and government agency websites.
The best places to find legitimate
information about COVID-19:
Before making any donations to charity or sharing the link with others, verify its authenticity first by reviewing information from the Federal Trade Commission‘s page on charity scams.
Daniel William is content director and a cyber security consultant at IDStrong. His great passion is to maintain the safety of the organization’s online systems and networks. He knows that both individuals and businesses face the constant challenge of cyber threats. Identifying and preventing these attacks is a priority for Daniel.