fbpx

Coronavirus Awareness

As the infamous Coronavirus (COVID-19) spreads around the world, cyber criminals are finding new ways to exploit the panic it’s generating. Email scammers are taking advantage of coronavirus fears to impersonate health officials and deceive people into giving up personal information.
The staggering amount of news reports surrounding the novel coronavirus has lead to a new danger — phishing attacks looking to exploit public anxiety about the occasionally-deadly virus.

How does it work?

The emails coming from cybercriminals are claiming to be from genuine organizations, containing important information about the novel coronavirus.

In the email, you might be asked to open an attachment containing the latest statistics. The main issue is that, if you click on the attachment in the email of on the embedded link, you have high chances to, in fact, download malicious software onto your device.

The malicious software or, better known as malware, could open the cybercriminals the gate to your computer, log your keystrokes, or access your personal information and financial data, all of which could lead to identity theft.

The coronavirus — or COVID-19, the name of the respiratory disease it causes — has impacted the lives of millions of people around the world. At this point, it is too hard to predict its long-term effects. One point we can all work on is to take steps to protect ourselves against coronavirus-related scams.

You might think the email on the left is genuine, but it is not from the World Health Organization. The people who click on the link end up on a website created by cybercriminals who wish to steal your credentials.

With this current phishing attack, the cyber scammers are creating emails to look like they have been sent from the CDC or the WHO. The email subject most likely to stumble upon will be one attention-grabbing, such as “Coronavirus cases are growing in your city – huge emergency” and most times include the agency’s official logo in order to add credibility.

At a first look, the sender’s email address appears to be real, for example cdc-gov.org or cdcgov.org. The websites created by scammers are very similar to the legit CDC site — cdc.gov — making the fraud easy to miss.

Other type of attacks might include sales for disease prevention products, requests for donations, links to infected maps or software meant to keep the people informed.

Some cybercriminals are also using the coronavirus to spread malware. Links in the email that are supposed to go to educational material will infect your computer.

How do I protect myself?

You need to be suspicious of any email that asks you to click on a link or open an attachment — even in the situations in which the email seems legitimate.

Most times, you can probably get the information you need by typing in the URL yourself. For the latest on the coronavirus outbreak go directly to the CDC website.

Don’t be taken in by the sender’s name

Scammers can put any name they like in the “from” field.

Check the URL before you type it in or click a link

If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.

If you realize you just revealed your password to impostors, change it as soon as possible.

The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them for doing anything malicious.

Turn on two-factor authentication (2FA), if you can

Yes, it’s a slight inconvenience to enter a six-digit code when you want to long on, but it’s a huge barrier for the crooks. With 2FA, a stolen password, by itself, is useless to them.

Avoid emails that insist you act now.

Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to convince you to click on a link and provide personal information — right now. Instead, delete the message.

Look out for spelling and grammatical errors

Not all cybercriminals make mistakes, but many do. Take your time to carefully read messages for telltale signs that they’re fraudulent.

Never enter your credentials on websites which shouldn’t be asking for.

A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.

Never use the same password twice

Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.

Look for generic greetings

Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.

Where can I find legitimate information?

It’s smart to go directly to reliable sources for information about the coronavirus. That includes government offices and health care agencies.

Centers for Disease Control and Prevention

The CDC website includes the most current information about the coronavirus. Here’s a partial list of topics covered.

 

  • How the coronavirus spreads
  • Symptoms
  • Prevention and treatment
  • Global locations with COVID-19
  • Information for communities, schools, and businesses
  • Travel

World Health Organization

WHO provides a range of information, including how to protect yourself, travel advice, and answers to common questions.

National Institutes of Health

NIH provides updated information and guidance about the coronavirus. It includes information from other government organizations.