The World Health Organization warns: beware of coronavirus-themed phishing attacks.
Talk of a second wave of shutdowns is brewing and some places have already started them. With this new surge of attention toward the virus we have all started growing used to, increased coronavirus-themed attacks are also expected.
Online security attacks usually piggyback on popular topics. So it’s not a surprise that cyber criminals would take advantage of people’s interest on the topic of the virus that is affecting each and every one of us. These attacks could include: phishing attacks, credential theft, bitcoin and financial fraud, ransomware campaigns and more. The threats are everywhere you are- in your email, your texts, social media, website advertisements, etc.
The COVID-19 Cyber Threat Coalition has taken measures to release a block list of known URLs and domain names that have, in the past, been associated with Coronavirus-themed scams, phishing attacks, and other threats. This however does not mean that you’re safe. New threats related to coronavirus are emerging every day so it’s important to be prepared and know what to be on the lookout for.
What You Should Look For
1. Demands of immediate action
Phishing emails or texts will often try to create a sense of urgency so there’s little time to think. They will also encourage you to click links. If you see an email containing urgent messages from an unrecognized sender, delete it.
2. Request for personal information
If a link from an email/text asks for personal information like your social security number or credit card information, be cautious. If there is no clear reason why this information is needed, this is a red flag and the email the link came through should be deleted.
3. Suspicious link or email address
It’s good practice to always hover over links before clicking in order to check where the link leads. It’s sometimes obvious that a web address is not legitimate. Sometimes the sender’s address can also look suspicious. If an email claims to be from a government agency, the email will not end in @gmail.com or another free email service.
4. Spelling/Grammatical Errors
Emails from credible sources will not contain any spelling or grammatical errors. Credible sources have many people proofread and review before any material is distributed. So if the email has errors, err on the side of caution and delete it.
5. Generic greetings
Phishing emails will usually begin with a generic greeting. Greetings with “Sir” or “Madam” are signs that an email could be a phish. Emails from legitimate sources will most likely use your name.
Also be advised: many emails claim that they are from the World Health Organization (WHO). The WHO says that any email that would actually come from them would fit the format, email@example.com. Anything different is most likely a scam. However, even emails that appear to use the domain, @who.int, could be a phish. This happens when criminals forge the “from” address to make it appear as though it is coming from @who.int. To combat this threat, WHO has implemented a new email security control called Domain-based Message Authentication, Reporting, and Conformance (DMARC).