Cybercriminals are taking advantage of the spread of Coronavirus (COVID-19) with phishing emails that pretend to offer information regarding the virus from a reliable source. These emails may or may not look completely legitimate. These schemes are meant to steal valuable information such as financial and personal information, or infect your computer networks with malware or malicious software.
Malicious actors are sending these emails out claiming to be trusted sources. Two commonly impersonated sources are the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). Both organizations have released warnings about the COVID-19 phishing scams.
We have seen a dramatic rise in these scams since the beginning of the pandemic. Make sure you are aware of phishing emails and know what to look out for. If an email you receive seems too good to be true or is demanding an urgent action from you, it is most likely a phishing email.
How do I know if it’s a phishing email or not?
Here is an example of a phishing email claiming to be from the CDC.
“The Centers for Disease Control and Prevention (CDC) continues to closely monitor an outbreak of a 2019 novel coronavirus (2019-nCoV) in Wuhan City, Hubei Province, China that began in December of 2019. CDC has established an Incident Management System to coordinate a domestic and international public health response.
Updated list of new cases around your city are available at (link)
You are immediately advised to go through the cases above for safety hazard.”
This link will take you to a fake Microsoft Office Outlook login page, created to steal user names and passwords. Once the user types in their information, the malicious actors then have access to practically everything.
This email claiming to be from the CDC looks legitimate, which is why so many people fall for these schemes. This outbreak is a dream come true for malicious actors. People have so much interest in and concern about this virus that they will open practically anything. All you have to do is click on a link and land on a site where they can then take full control. They will have access to emails and passwords, and at that point, they can take whatever they want.
Tips & tricks for recognizing COVID-19 phishing emails:
- Most organizations will not ask for passwords, credit card information, or tax numbers over an email. It is highly sensitive information.
- Most phishing emails will use a generic salutation, such as “Dear Sir,” or “Dear Customer,”.
- Check the email address of the sender. Use your mouse to hover over the ‘from’ address. Check the address to see if it has been altered. An example is: firstname.lastname@example.org to email@example.com.
- Legitimate companies will not send unsolicited attachments. Hackers will direct you to download documents or files containing malware.
- Check URLs by hovering over the link with your mouse. If the link in the text is not identical to the URL displayed when the cursor hovers on the link, that is a sign that it is not a legit link.
- Check the spelling on the email. Phishing emails are known to have small grammatical or typing errors here and there.
Make sure your company is aware of COVID-19 phishing emails. Malicious actors are preying on the fear of the coronavirus. Educate yourself, friends and coworkers on how to recognize phishing emails. Remember to never click on links in an email you are unsure of. For the latest information on the coronavirus pandemic you can go straight to the CDC website.
(All phishing email examples come from the U.S. Health and Human Services)