Guest post by Stacy Scott, Managing Director of Cyber Risk, Kroll

The COVID-19 pandemic has created a unique opportunity for cybercriminals. Cybercriminals will often take advantage of trending topics in the news, such as the coronavirus, to try to prey on consumers using fear and urgency tactics. In the case of the COVID-19 pandemic, such activity is especially insidious in that it mimics communications from expert sources such as the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and Johns Hopkins University.

There are already multiple reports of malicious activity related to the coronavirus that have sprung up in recent weeks, such as:

  • A fake website that mimics the Johns Hopkins COVID-19 tracking dashboard.
  • Emails purporting to be from the Centers for Disease Control’s Health Alert Network that were actually phishing attempts to gain access to personal information.
  • Emails that offer medical advice or products to help protect you against the coronavirus.
  • Emails that appear to be official company announcements about a new Communicable Disease Management Policy.

Tips for recognizing and avoiding phishing emails

Here are some ways to recognize and avoid coronavirus-themed phishing emails.

Like other types of phishing emails, the email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft. Here are some tips to avoid getting tricked.

  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
  • Check the email address or link. You can inspect a link by hovering your mouse pointer over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind that phishers can create links that closely resemble legitimate addresses, or they may be using a trusted email source that has itself been hacked.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.