The world is in turmoil right now. As the coronavirus pandemic ramps up, affecting all of us, hackers and scam artists also ramp up, exploiting the fears of people around the globe.
While there are numerous ways that cybercriminals will attempt to fleece their victims, the most common COVID-19 scams to look out for include phishing emails/scam and fake websites/URLs.
Protecting Against COVID-19 Scams
Following governmental guidelines to protect yourself against COVID-19 and to help stop its spread are absolutely necessary and important for all people to adhere to. However, the physical health ramifications are not the only thing to watch out for these days. We must also protect ourselves and our businesses against COVID-19 scams.
Phishing emails are the most popular scam amid the coronavirus pandemic, and they are popping up in many different forms. Most of the phishing emails seem to offer medical or health information regarding the coronavirus. Some are hinting at the availability of a vaccine or cure while others appear to be from credible sources, such as the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC). But how do you determine if the email you received is legitimate or potentially dangerous?
Determining the Legitimacy of Emails
Stick with the old adage: If it sounds too good to be true, it probably is. Don’t click on any links that provide a cure, vaccine or product to prevent the coronavirus. Currently, there are no legitimate vaccines or cures for COVID-19, according to the Federal Trade Commission and the Food and Drug Administration. All of these emails are offering false hope and the links could possibly infect your computer with malware.
Beware of emails from “trusted” sources. According to WeLiveSecurity.com, “the World Health Organization (WHO) is among the most-impersonated authorities in the ongoing scam campaigns.” There are also multiple reports of fake emails that appear to be from the CDC or Johns Hopkins. Experts are warning to inspect these emails before clicking on any links. The WHO actually has a dedicated cybersecurity page on its website, providing information on what to be aware of and how it actually communicates. For instance, the WHO will never ask for a username or password to access safety information; it will never email attachments that were not requested and it will never send you a link outside of www.who.int.
When determining the legitimacy of emails or links, look for https in the URL. This is often an indicator that the link is secure. Check for spelling errors. Phishing scams often originate overseas or from people who speak English as a second language and that can translate into the emails. Small spelling errors, like interchanging two letters or transposing letters, can also be purposeful to try to trick you into clicking on the malicious link. Also, look for subdomains in the links provided, which can be as simple adding a word into what appears to be a legitimate URL. For instance, amazon.store.com instead of amazon.com. If you have any notion that the email is not trustworthy, do not click it. Instead, seek out the information by searching the internet and known sources of information.
Identifying Fake Websites
Everyone wants information regarding the coronavirus. As such, they are turning to the World Wide Web to gain that knowledge. Scammers know this, and they have been buying domains associated with COVID-19. According to Forbes, “a massive number of new websites had been registered using the coronavirus or COVID-19 names, some of which were already trying to infect visitors.” They warn that such websites include coronavirus-map[.]com, coronavirus[.]app and vaccine-coronavirus[.]com.
To protect yourself if you accidentally click on one of these fake websites, make sure your antivirus software is up to date on all of your devices. It is recommended to turn on auto-updates so that each device has the latest in security tools as they become available.
In addition, there are website reputation rating tools that you can use to determine the risk of the website that you wish to visit. Cybersecurity companies, such as McAfee, Kaspersky and NortonLifeLock, have these tools available for use. They do not guarantee their accuracy, however, so proceed with caution. Trust your instincts and avoid any sites you are not sure of.
Don’t Succumb to a Coronavirus Scam
By March 16, 2020, Jiri Kropac, a researcher at cybersecurity firm ESET, was able to identify 2,500 infections from two malware strains that spread through coronavirus-themed emails, according to a Forbes report. Proofpoint, a cybersecurity firm, is reporting that the number of attacks is perhaps the largest set around a single theme. This is highly significant, especially since we are still at the beginning of the curve in the United States and many European countries, meaning cases of the coronavirus and scams surrounding it are still increasing and will continue to increase throughout the near future. It is time to ensure your cybersecurity.
SubRosa Cyber Solutions offers a full suite of cybersecurity tools and expertise. If you have any questions, concerns or think you may have been infected with malware, please contact SubRosa today!
Contact us to protect your company against phishing scams!