Do Not Fall for Coronavirus Phishing
Phishing works by playing into the fears or hopes of people. These emotions push people to click an unknown link or share information they should keep secret. Phishing emails cover a range of themes, from impersonating the IRS to claims that the recipient has won a prize. The cause of immense worldwide fear, confusion and uncertainty currently is the coronavirus COVID-19. Criminals are crafting emails to play into these fears and get victims to click links, download attachments and share personal information.
Phishing also uses urgency to pressure the potential victims. The criminal might emphasize doing something now to avoid penalties or harm. Rushing the recipient into a course of action means the victim does not have the time to stop and think or verify the claims.
Phishing can take the form of emails, phone calls, text messages, social media messages or even a fax. How does a physical virus become a threat to people’s digital lives and money? Here are three methods that criminals can use to inflict harm:
1. Install Malware
Infecting the victim with malware allows for the criminal to take control of the computer for the purposes of ransomware or other nefarious activities. The person does even need to install an .exe or other unknown file type for the malware to infect. Malware can be hidden inside Excel or Word documents as well.
2. Gather Personal Information
Your personal information is valuable material. With your personal information, the criminal can make future phishing more personalized. The information can also be used by the criminal to steal your identity. This means they can open lines of credit, make purchases and do other negative things in your name.
3. Send Money
When natural disasters happen, generous people bring out their wallets and donate. Criminals can not only create a fake email to send to people, but they can also create a whole website interface to facilitate receiving funds. You might think you are donating to a good cause, but the money is off to the criminals.
Phishing emails can be clever, but uncovering the truth is possible with some investigation. With regards to coronavirus, a health agency will not contact you via email related to infections or quarantines. The World Health Organization echoed this guidance and said that they will:
- Never ask you to login to view safety information
- Never email attachments you didn’t ask for
- Never ask you to visit a 3rd party link
- Never charge money to apply for a job, register for a conference, or reserve a hotel
- Never conduct lotteries or offer prizes, grants, certificates or funding through email
- Never ask you to donate directly to emergency response plans or funding appeals
In addition to the recommended practices users should follow, working with a MSSP can help prevent phishing. The MSSP can use anti-phishing software to monitor the activity of emails and network traffic.