COVID-19 Scams and How to Avoid Them!
With the overwhelming influx of media and news coverage surrounding the novel coronavirus, or COVID-19, an existing danger has also become more prominent. A worldwide phenomenon such as a pandemic brings forth more phishing attacks that look to exploit public fears and those seeking more information on COVID-19.
Phishing is a type of social engineering attack in which cybercriminals use emails or even text messages to trick you into giving them your personal data. Common data they try to obtain includes passwords, social security numbers, account numbers, and more. They disguise their emails so that they appear to come from a legitimate organization or source.
Phishing attacks always look to incite an emotion that causes us to act faster or think less about our actions at that moment in time. COVID-19 is a very emotional topic right now and criminals know this. They hope that the average person will click that link or reply to a message if they use that lure.
According to Google’s Email Security team, Google blocks over 100 million phishing emails each day, and roughly 18 million of those are related to COVID-19!
How do I spot a COVID-19 phishing email?
Cybercriminals will often target organizations that are well-known. Some examples of organizations that will be impersonated are: the CDC, the WHO, local health organizations (King County Public Health, Snohomish County Public Health, etc.) and more.
The emails will mostly look legitimate, but have some glaring red flags.
Here are some examples:
In both of these examples, the phishers claim to be medical experts, they claim to offer “advice” on safety measures, and they want you to click on their link.
How do I avoid these scams?
Here are some great tips from Norton Antivirus on how to avoid these Coronavirus scams.
Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
Check the trusted website first. If you receive an email from the CDC or local agencies, but are unsure whether they are legitimate, go to those organizations’ trusted and main websites first to find related information.
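The "check the email address or link" and "check the trusted website first" tips can also be applied automatically to an HTML email. The following is an added example, not code from this article or from Norton. The trusted-domain list, the 0.8 similarity threshold, the reason names and the sample email are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("cdc.gov", "who.int")  # assumption: official domains you verified yourself

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):  # hostname, or '' when the string is not URL-like (e.g. 'Click here')
    if " " in url or "." not in url:
        return ""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def check_link(href, text):  # impersonation signals for one link; [] means none found
    host, shown, reasons = host_of(href), host_of(text), []
    if not host or any(host == d or host.endswith("." + d) for d in TRUSTED):
        return reasons
    if shown and shown != host:
        reasons.append("text-mismatch")  # visible URL differs from the real target
    tail = ".".join(host.split(".")[-2:])  # last two labels of the real target
    for d in TRUSTED:
        if d in host:
            reasons.append("embedded-trusted-name")  # trusted name inside another domain
        elif SequenceMatcher(None, tail, d).ratio() >= 0.8:
            reasons.append("lookalike")  # near-miss spelling of a trusted domain
    return reasons

def scan_email(html):
    collector = LinkCollector()
    collector.feed(html)
    return [(h, r) for h, t in collector.links if (r := check_link(h, t))]

SAMPLE = """<a href="https://www.cdc.gov/coronavirus">CDC guidance</a>
<a href="http://cdc.gov.health-update.example/login">https://www.cdc.gov/coronavirus</a>
<a href="http://cdc.g0v/safety-measures">Safety measures from our experts</a>"""  # constructed
if __name__ == "__main__":
    print(scan_email(SAMPLE))
```

An empty result only means none of these three signals fired; it does not mean the email is legitimate.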