In a week dominated by news of the global Covid-19 pandemic, companies scrambled to find ways of securely supporting employees working from home. But the challenges are extensive, and in sectors with critical infrastructure like government defense, protecting data is just as important as protecting workers.
If you received an email from the Centers for Disease Control and Prevention or the World Health Organization about the Coronavirus outbreak, would you read it? Maybe click on a link? Cyber criminals are counting on it.
This outbreak has become a catalyst for cyber criminals who will use it as a basis for email attacks designed to retrieve personal information, steal money or infect computers with malware.
Here are some examples of emails used by criminals:
Here is another example:
At first glance, the sender’s email address appears to be legitimate, for example, cdc-gov.org or cdcgov.org. The criminals create domains that are very close to the real CDC site — cdc.gov. Even though the link looks like it will take you to a CDC.gov website about the Coronavirus, it will not. More than likely, you will land on a fake Microsoft Outlook login page, created by criminals to steal user names and passwords, which they control.
There is no reason to provide login credentials to visit a public website, such as the CDC.
Here are our recommendations to avoid getting hit by these cyber criminals: