Times of emergency create opportunities for ill-begotten gain for those willing and able to take advantage of the situation. COVID-19 is proving to be such an opportunity for bad actors.
While cybercriminals have promised to cease their attacks on hospitals for the duration of the COVID-19 crisis, the rest of us are not safe. A number of different COVID-19 outbreak-themed phishing emails are currently in circulation and it’s important to know what to look for.
To help you in your efforts in spotting suspicious behavior to protect your organization, we’ve collected examples from around the web. Be on the lookout for these and similar scenarios:
#1: Access to a COVID-19 Vaccination Scam
With the widespread of the COVID-19 outbreak, a vaccine is a priority around the world. However, one does not exist yet, and medical professionals anticipate that it will take a year or more to create one.
Despite this, a number of phishing emails are going around offering a cure or vaccine for COVID-19. Since no cure or vaccine currently exists, any email offering one or implying the existence of one should automatically be considered a scam.
Here is an example:
Photo credit: https://hotforsecurity.bitdefender.com/blog/coronavirus-phishing-scams-exploit-misinformation-22599.html
#2: News Updates
Reputable news organizations are working around the clock to provide updates on the current spread of the COVID-19 outbreak and the progress of efforts to slow or stop it. However, everyone wants the latest news on where the outbreak currently is and how quickly it is spreading.
Cybercriminals are taking advantage of this using phishing emails and malicious websites. An interactive map of the spread of COVID-19, created by Johns Hopkins University, has been duplicated on other sites. These versions contain links used to spread malware. If you are looking for infection by location information, visit the official World Health Organization (WHO) and CDC webpages or reputable sites like Johns Hopkins to find the latest updates and guidance.
Photo credit: News UAMS EDU Covid-10 Scam Alert
#3: Opportunities for Investment Scam
The COVID-19 outbreak has had a significant impact on the global economy. The need to implement social distancing has hurt many different industries, such as food services and hospitality.
Some phishing schemes have taken advantage of the economic impacts of COVID-19 to offer investment opportunities related to the virus. Any email offering stock in highly sought goods (such as surgical masks, hand sanitizer, or toilet paper) or similar opportunities related to COVID-19 has a high probability of being malicious.
Photo credit: https://hotforsecurity.bitdefender.com/blog/coronavirus-phishing-scams-exploit-misinformation-22599.html
#4: Discounted Medical Supplies Scam (Pretexting)
The run on surgical masks and other medical supplies has made some items extremely scarce and driven up prices. A common COVID-19 phishing pretext, another social engineering technique that uses mobile device texting, offers deeply discounted medical supplies or other scarce items (like toilet paper).
Official guidance from the Center for Disease Control (CDC) is that Americans should not be using surgical masks to help slow the spread of COVID-19. Without proper training, it is common for these masks to be used incorrectly, and they provide little or no benefit.
Additionally, the national stockpile of these masks for healthcare providers (30 million) is much smaller than the number needed (300 million), and medical professionals are resorting to improvised masks to make up for the shortage. Even if an offer is legitimate, it is best to leave these scarce resources for the healthcare professionals that need them the most.
Photo credit: https://ca.news.yahoo.com/heres-know-covid-19-scams-080000464.html
Tell-Tale Signs of COVID-19 Phishing Scams
Phishing emails take advantage of COVID-19 to get past their target’s defenses and increase their probability of success. However, these emails have the same warning signs as other phishing attacks, such as:
- Misspelled or otherwise incorrect sender addresses
- Grammatical errors or misspellings in the email body
- Links that don’t point to where they should (hover, don’t click to check)
- Attachments that seem unusual (odd filenames, wrong file type, etc.)
- An attempt to create a sense of urgency
- A request for sensitive information
If you receive an email with any of these warning signs, forward it to your IT department and delete it. This way, you not only protect yourself but also put the IT department on alert for similar attacks targeting other employees.
Avertium offers to phish and pretexting services to help you protect against COVID-19 related social engineering scams. Reach out to start a conversation.