Hackers and cybercriminals are leveraging the hype and fear connected with the growing COVID-19 pandemic as a tool to take advantage of people by stealing passwords, data or just simply soliciting payment for false remedies. Fortunately, their tools are not new and if you remain diligent, you can avoid common scams.
We examined some of the most common phishing scams in an effort to help you avoid falling prey to them.
1. False CDC Alerts
Cybercriminals send phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases for safety hazard,” the text of one phishing email reads.
2. Health Advice Notices
Phishers send an email that offers purported medical advice to help protect you against the coronavirus. The emails may falsely claim they are from medical experts near Wuhan, China, where the coronavirus outbreak began. “This little measure can save you,” one phishing email says. “Use the link below to download Safety Measures."
3. Workplace Policy Notices
Cybercriminals target employees’ workplace email accounts. One phishing email begins, “Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software.
Just like other phishing email scams, these try to lure you into clicking on a link or providing personal information that is then used to commit fraud or identity theft. Roark Tech Services handles scores of calls each week from unsuspecting users who, in the haste of their busy day, accidentally click on a bad link.
Here are some ways to recognize and avoid coronavirus-themed phishing emails.
1. Beware Of Online Requests For Personal Information.
A coronavirus-themed email that seeks personal information, such as your Social Security number or login information, is a phishing scam. Legitimate government agencies will never ask for that information and you should never provide it via email.
2. Check The Email Address Or Link.
Inspect a link by hovering your mouse pointer over the URL to see where it leads. Sometimes, an illegitimate address is obvious, but other times not. Keep in mind phishers create links that very closely resemble legitimate addresses. Take your time and inspect carefully. If you are unsure, delete the email.
3. Watch For Spelling & Grammatical Mistakes. If an email includes spelling, punctuation and/or grammar errors, it’s likely a sign you received a phishing email. If you are unsure, delete the email.
4. Look For Generic Greetings. Phishing Emails Are Unlikely To Use Your Name. Greetings like “dear sir or madam” signal the possibility that an email is not legitimate.
5. Scrutinize Any Email That Insists You Act Now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information before you have time to think about it or ask someone’s opinion. If you are asked to act immediately, delete the message.
If you are seeking accurate information, it’s best to go directly to the source.
Here is a list of useful websites.
Roark Tech Services remains open and poised to assist with any technology need. We are fully capable of remote support, but if an on-site visit is required, with your permission, we will accommodate. Keeping small businesses operating efficiently and effectively is what we are known for.
Please contact us for any needed assistance or know-how on remote computing or technology adaptation.