COVID-19 has completely changed the way that we live our lives. In countries around the world, it’s causing panic. You’d think that everyone would come together at a time like this. For the most part, you’d be right.
Unfortunately, though, there are those individuals who are using this panic to their advantage. In this post, we’re going to talk about how phishers are using the current panic about COVID-19 to net more victims.
Here are some of the more creative formats that phishers have used recently to their advantage.
Emails from recognized health authorities
Think about this scenario for a second. You see an email from the World Health Organization. The subject line reads, “Urgent Information to Stop the Spread of COVID-19.” You open the email and see a letter from the World Health Organization.
It’s on official WHO letterhead. It’s signed by a Doctor Something-or-other and speaks about how you can register to receive timely updates. You know that you should never click on a link in an email, so you look up the WHO site.
You can’t find the registration forms there, so you backtrack. You want to register for the information, so you click on the link. The site looks legitimate. It looks exactly like the site that you looked up earlier, so you enter your name and email address. They also ask you if you want to receive updates on your cell phone.
Of course, you do, so you input your phone number. Needless to say, you never hear from the WHO again. A short while later, you’re locked out of your computer and are told to pay a ransom. You head off to check your bank account, and it’s drained. Now you know that you’ve been scammed.
Let’s look at the mistakes that you made.
- Opening the email was the first mistake. Why would the WHO send you an email out of the blue?
- You did the right thing by checking the site. It was wrong to click the link when you couldn’t find the right page on the real site.
- By clicking on that link, you exposed yourself to a potential malware-loaded site. These sites often host nasty malware such as ransomware and viruses.
- Inputting your name and email address may seem harmless. It isn’t. Giving hackers your email address gives them a target email address to hack.
- Worse than that, though, you gave them your phone number. This enabled them to perform SIM swapping and clone your phone. They could easily reset your banking passwords without you being any the wiser. Turns out 2FA isn’t as secure as you thought.
Now granted, not everyone would fall for an email from the WHO, like this. But what if your government put measures in place to assist those who lost their jobs? What if you got an email stating that you should register for assistance?
Emails from your boss, clients, or suppliers
These attacks require a little more research. They’re effective, though, because they use fine details that generic attacks can’t get right. It might be a letter from your boss outlining the company’s policy in terms of reduced working hours.
It could be a letter from a supplier with a list of items that they’re running short of. It might be a client forwarding you a repayment arrangement.
The point is that these attacks are even harder to see coming. To allay suspicion, they might not contain any links at all. When you open that attached document, though, your computer’s infected.
How do you keep yourself safe from phishers? By being extremely vigilant. Panic makes it easy to forget the standard cybersecurity procedures. View every email as suspicious – check the email address of the sender carefully. If there’s any doubt, verify the instruction by calling the number that you have on record.
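Checking the sender's address carefully can be partly automated. The following is an added example, not part of the original post: it flags a From: header whose display name claims a known sender while the address sits on another domain, or whose domain imitates a known one. The `TRUSTED` table, the function names and the sample headers are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: names the recipient expects mail from, mapped to the domains
# those senders really use. who.int is the WHO's domain; extend for your org.
TRUSTED = {"world health organization": {"who.int"}, "who": {"who.int"}}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for a raw From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parseable sender address"]
    domain = addr.rpartition("@")[2].lower()
    known = set().union(*TRUSTED.values())
    if any(domain == d or domain.endswith("." + d) for d in known):
        return []  # the address really is on an expected domain
    warnings = []
    for org in TRUSTED:
        # Display name claims a known sender, but the address is elsewhere.
        if re.search(r"\b" + re.escape(org) + r"\b", display.lower()):
            warnings.append(f"display name says '{org}' but domain is {domain}")
            break
    for d in sorted(known):
        # Near-miss spelling, or the real domain embedded in a longer one.
        if edit_distance(domain, d) <= 2 or d in domain or d.replace(".", "-") in domain:
            warnings.append(f"{domain} imitates {d}")
    return warnings

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "World Health Organization <updates@who.int>",
    "World Health Organization <updates@who-int.example>",
    "Dr. Smith <alerts@vvho.int>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

An empty result only means the address is not an obvious fake. The From: header itself can be forged, so verifying by phone still applies when there is any doubt.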
By being more careful, we can all limit the potential damage that these phishers can wreak.