Common Covid-19 Phishing Scams You Should Know
As the coronavirus wreaks havoc around the world, hackers and scammers are seizing on the chaos to launch more phishing attacks. According to research done by Barracuda, Covid-19-related email phishing attacks have spiked 667%. Other reports also reveal that Google is blocking 18m Covid-19 scams daily. And this is just a drop in the ocean. Here are more shocking statistics that paint a good picture of how pervasive phishing is and how much businesses stand to lose from successful attacks.
- About 90% of data breaches emanate from phishing (Source: Retruster)
- 94% of malware is delivered via email (Source: Verizon)
- 1.5m phishing websites are created monthly (Source: Webroot)
- A successful phishing attack now costs a mid-sized company $1.6 million on average (Source: Phishme)
The above data indicates the severity of the matter. In this post, we share some of the ways you can identify such scams, how to avoid them, and where you can get accurate information regarding the disease. Let’s dig in!
First, how to spot the Covid-19 phishing scams
Telltale signs of a coronavirus phishing email are:
1- Designed to look like it is coming from a specific reputable organization
To convince you that they come from legitimate sources, fraudsters' emails will, in most cases, impersonate well-known health organizations or institutions in charge of disseminating information regarding the pandemic.
For instance, many people have been bombarded with emails claiming to come from the U.S. Centers for Disease Control (CDC). In one such email, the recipients are advised to go through a provided list for their safety.
2- Pretend to offer health advice to the recipients
In this case, you may get an email proposing to offer you medical advice to help you protect yourself from the virus. To capture your attention, the email may claim to originate from the disease’s epicenter, for instance, from medical personnel residing in Wuhan, China.
The email will then lure you into downloading a list of safety measures.
3- Impersonate workplace policies
Such an email will pretend to set out how employees should conduct themselves during the Covid-19 pandemic period. For example, the email might appear to come from internal sources and ask employees to download malicious software, complete fake forms that collect sensitive personal information, or browse to malicious links.
Types of Campaigns
To help you understand further, let’s now delve into the nuts and bolts of these phishing scams. Here are some of the campaigns that can be used by fraudsters:
1- Emails purporting to provide a discount for high demand products
The increased demand for and low supply of critical protection products, such as face masks, have inevitably created an avenue for scams. For instance, don’t be surprised to get an email from a fraudulent site offering to sell you a face mask at a discounted price.
Due to the current shortage of quality face masks, the chances are that you would click on the provided links to find out more or continue with the transaction. However, by doing so, you will be prompted to download malicious software or be redirected to a site that imitates a well-known online shopping website in order to steal your credentials.
2- Fake information or news
As a result of the continued upsurge of the pandemic, more folks are now searching for useful information on how they can protect themselves from the disease. Unfortunately, this has created an opening for cybercriminals, who position themselves as the “gospel truth-tellers” concerning the Covid-19 disease by impersonating reputable health and information organizations. As such, you may well get an email supposedly originating from a well-known health entity and claiming to provide you with “essential information” regarding the disease. Such emails will mostly contain Trojans created to steal your personal information.
How to avoid Covid-19 phishing scams
Like any other online fraud, coronavirus-themed scams usually lure their email recipients into providing personal details or clicking on a link, which can then be used to commit identity or credential theft and fraud. To avoid falling for such traps, you need to:
1- Check the provided link or email address
To inspect a link in a received email, hover your mouse over the URL to determine its source. In most cases you can easily tell illegitimate addresses from legitimate ones; however, fraudsters are advancing in their craft by closely mimicking legitimate addresses.
If you are unsure of the link, instead of copy-pasting or clicking, type in the URL in the browser. If it turns out to be from a fraudulent source, delete the email. Watch out for shortened URLs: they don’t display the real website URL, and so they are clicked more often with trust. If you don’t trust the source, delete the email, or verify the URL using tools like VirusTotal.
2- Be on the look-out for emails requesting personal credentials
As a rule of thumb, never give out your personal information to any unknown online source. In particular, a coronavirus-themed email seeking your credentials, such as your login information or social security number, is a phishing scam.
No legitimate government body would ask for such details. Therefore, avoid responding to the email with your personal information.
3- Look out for generic greetings
Due to the effort or cost required to find out a recipient’s name, the majority of phishing emails in your mailbox are unlikely to have your name on them.
Instead, you will receive greetings such as “Dear sir or madam,” which indicates that the email isn’t legit.
4- Watch out for grammatical and spelling mistakes
Most scammers are either too lazy or ignorant to proofread their messages. An email that is riddled with punctuation, spelling, and grammar mistakes is a sure sign of a phishing scheme. Thus, delete it.
5- Avoid emails that rush you
If you receive an email that prompts you to act instantly on whatever it says, you have reason to think twice. Phishing scams will, in most cases, try to demand immediate action or create a sense of urgency.
The objective of the email is to gather your information as early as possible, mostly before you get wind of who the senders are. As such, beware of emails carrying alarming messages about the Covid-19 disease and the need for instant action, such as ordering a cure or vaccine via a provided link.
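Several of the checks above (link destination versus visible text, shortened URLs, generic greetings, urgency, and credential requests) can be applied mechanically to an email's HTML body. The following Python is an added example, not code from the original article; the shortener hosts, keyword patterns, `SAMPLE` body and all function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample lists (assumptions); tune them for your own mail flow.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
TEXT_SIGNS = {
    "generic-greeting": r"dear (sir or madam|customer|user)",
    "urgency": r"\b(immediately|urgent|act now|within 24 hours)\b",
    "credential-request": r"\b(password|login|social security)\b",
}
# Constructed sample body: the visible link text names one host, the href another.
SAMPLE = ('<p>Dear sir or madam,</p><p>Act now: '
          '<a href="http://updates.example.net/list">https://www.cdc.gov/list</a></p>')

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def host(url):  # lower-cased hostname, scheme optional, leading "www." dropped
    name = urlparse(url if "://" in url else "//" + url).hostname or ""
    return re.sub(r"^www\.", "", name)

def phishing_signs(html_body):
    """Return the sorted warning signs found in one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    signs = set()
    for href, text in parser.links:
        if host(href) in SHORTENERS:
            signs.add("shortened-url")
        # Only compare hosts when the visible text itself looks like a URL.
        shown = host(text) if re.match(r"(https?://|www\.)", text, re.I) else ""
        if shown and shown != host(href):
            signs.add("link-text-mismatch")
    text_only = re.sub(r"<[^>]+>", " ", html_body)
    signs |= {n for n, rx in TEXT_SIGNS.items() if re.search(rx, text_only, re.I)}
    return sorted(signs)
```

Calling `phishing_signs(SAMPLE)` reports the greeting, the urgency wording and the mismatched link; an empty list means none of these signs fired, not that the message is safe.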
Before we explore where to get accurate information about coronavirus, here are a few best practices that you should never forget:
- Use reputable multi-layered security software meant to protect you against phishing scams.
- Avoid clicking on links or downloading content from unknown sources.
- Invest in excellent endpoint solutions that can protect you from such attacks or any other forms of online scams.
Where to get accurate information regarding the Covid-19 pandemic
For practical and correct information regarding the Covid-19 pandemic, it is wise to visit reputable sites and offices. This includes health care agencies and government offices, as well as their respective websites.
Some of the best sources of information regarding the pandemic include:
The World Health Organization (WHO): This entity offers a wide range of information regarding the disease. This includes travel advice, statistics regarding those afflicted by the disease, how to protect yourself from the disease, and answers to commonly asked questions.
National Health Service (NHS): This organization caters to United Kingdom residents and also tends to a vast range of issues regarding the pandemic.
National Institutes of Health (NIH): NIH offers current guidance and information concerning the disease, which includes details from other government agencies.
Centers for Disease Control and Prevention (CDC): The organization’s website contains the latest information regarding the disease, for instance prevention and treatment, how the disease spreads, symptoms, and travel, among other issues.
The current escalating situation is increasingly providing fodder for the innumerable Covid-19 themed scams. Thus, to protect your private essential information and assets, exercise caution. Always identify, mitigate, and prevent vulnerabilities. The best part is that ioSENTRIX can help with this.
At ioSENTRIX, we offer a thorough security assessment, including social engineering and phishing campaigns. We have all the right tools and expertise to secure your company, so you can focus on growing it. Contact us today, and we shall be more than happy to assist you.