How to spot COVID‑19 online scams
Common types of scams
Falsely representing health organizations
Websites “selling” health products
Fraudulent financial offers
Falsely representing government authorities
How to avoid from being scammed?
You can follow these simple suggestions to stay protected and avoid falling victim to these phishing attacks.
Visit websites by typing the domain name yourself. Most businesses use encryption – their address starts with https – and if you receive a certificate error while browsing, consider it as a warning sign that something is not right with the website.
Pay attention to wording, tone and terminology. Bad actors could scam a specific person via spear phishing using the receiver’s full name and other personal details. Check for terms and language that is usually expected in the type of email you receive.
Never supply any personal or financial information, and passwords to anyone via email. Emails are considered insecure ways to send data. Remember, that most institutions or companies would never ask for your password or other key personal information.
Check links before clicking on them. See your emails in plain text to check for the link address to see its destination. If it is not the same as what appears in the email, it is probably a phishing attempt.
Look out for spelling and grammatical mistakes. If you spot any spelling, punctuation and/or grammar errors, it could be a phishing email.
Stay away of emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action.
Keep your devices protected. Install anti-spam, anti-spyware and anti-virus software and make sure they are always up to date.
What to do if you get scammed?
In the case you do get scammed, you have to act quickly based on the type of attack. Most cyber-attacks are delivered automatically, to lots of people, hoping someone would take the bait. So, if you move fast, you might be able to save your data and accounts.
If you downloaded a file, either from an attachment or a link, your security software should generally flag it if there’s malware behind it. Just to be sure, make sure you update your antivirus and perform a full system scan. In case you don’t have any security software installed, download one and perform a scan.
If you entered your login information on a fake website, change them as soon as possible. Having two-factor authentication enabled, if supported, can be a lifesaver in these situations.
In case you typed your banking (credit card) information, act as you would if your credit card was stolen and contact your bank immediately, no matter the hour – most banks have a 24/7 anti-fraud line. If you have access to a home banking platform, you should lock or disable your credit card first.
- Report it to your IT department by forwarding it as an attachment
- Delete the email and clean your computer
- Notify the organization being spoofed in order to prevent other people from being victimized.
Learn with Attack Simulator
One of the best ways to stay protected from online cyber-attacks is to be able to identify and avoid them. We provide the tools for comprehensive security trainings, with real-life simulations, and just-in-time learning, designed to help both novices and experts improve their security awareness.