What better time for cybercriminals to prey on the general public than when they are already panicking? One way to get us to click on their emails is to talk about you guessed it…the subject we are panicking about - COVID-19/Coronavirus. Everyone is interested in this subject right now. Cybercriminals know this. What’s worse is there really are emails that are perfectly safe and informative going around about this very topic. So, what is safe and what is not?
-
If the email comes from the CDC but the email address is misspelled. Major sign. The official CDC website is www.cdc.gov. No more, no less. Be aware not to click on www.cdc.net www.cdc.com or anything that is not the exact address - Most countries have the abbreviation at the end of the URL like .ru for Russia or .de for Germany (Deutschland).
-
The email is offering a magical cure that you can buy today! This is a huge red flag. There is no magical cure at this time for COVID-19 so that would be a major sign that this is a phishing email.
-
Many cybercriminals will act like they are from your HR department. If they claim they are from HR and are wanting your information or passwords be VERY aware that this could be phishing. Contact your HR department and verify that it was really them sending the email. if anything, they will appreciate your diligence to keep your information secure.
-
Pulling at your heart strings. Cybercriminals have gone so far as to create fake charities in the name of the countries that need resources and financial help due to this pandemic. Refer to this website if you are questioning a charity: https://www.consumer.ftc.gov/articles/0074-giving-charity
-
Attachments within an email from an unknown sender. It is NEVER a good idea to click on a link or an attachment in an email when you are unsure of the sender. Right now, this applies more than ever!
-
Email is not the only avenue of attack. Criminals are also using Covid-19 websites offering information or statistics or case tracking as a way to deliver malware. Please be extra cautious seeking information online. Only use legitimate, well-known sources. If in doubt, don’t click.
-
Many of us are working remotely per government suggestions and guidelines. Hackers know this as well and there are already cases of using this as an avenue of attack. Now more than ever, it is important to validate any monetary requests, passwords, access or other security related requests from what appears to be co-workers or trusted partners. If in-doubt, the safest avenue is to call and verify the request before providing the information.
The bottom line is to be aware. Just think before you click, verify before you act. Follow these guidelines and you should be ahead of the criminal. If you are STILL unsure, save it for later. Ask your supervisor. Ask someone from HR. Be proactive. If all that fails, give us a call. We would be happy to decipher for you. (Just know currently during the pandemic our call volume is at an all-time high).
Blog written by Maria Berra 3/17/20