Pandemic Leads to Spike in Email Phishing Attempts
by Michael Abboud Share
In a week dominated by news of the global Covid-19 pandemic, companies scrambled to find ways of securely supporting employees working from home. But the challenges are extensive, and in sectors with critical infrastructure like government defense, protecting data is just as important as protecting workers.
If you received an email from the Centers for Disease Control and Prevention or the World Health Organization about the Coronavirus outbreak, would you read it? Maybe click on a link? Cyber criminals are counting on it.
This outbreak has become a catalyst for cyber criminals who will use it as a basis for email attacks designed to retrieve personal information, steal money or infect computers with malware.
Here are some examples of emails used by criminals:
Here is another example:
At first glance, the sender’s email address appears to be legitimate, for example, cdc-gov.org or cdcgov.org. The criminals create domains that are very close to the real CDC site — cdc.gov. Even though the link looks like it will take you to a CDC.gov website about the Coronavirus, it will not. More than likely, you will land on a fake Microsoft Outlook login page, created by criminals to steal user names and passwords, which they control.
There is no reason to provide login credentials to visit a public website, such as the CDC.
Here are our recommendations to avoid getting hit by these cyber criminals:
- Don’t be taken in by the sender’s name. Scammers can put any name they like in the “from” field.
- Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent.
- Check the URL before you type it in or click a link. If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
- Never enter data that a website shouldn’t be asking for. A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.
- If you realize you just revealed your password to impostors, change it as soon as possible. The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them for doing anything malicious.
- Never use the same password on more than one site. Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.
- Turn on two-factor authentication (2FA), if you can. Yes, it’s a slight inconvenience to enter a six-digit code when you want to log on, but it’s a huge barrier for the crooks. With 2FA, a stolen password, by itself, is useless to them.
« Return to "American 1 Blog"