
Cyber criminals are using COVID-19 cover stories in new phishing attacks


18 March 2020

Here’s how to spot and stop the attacks

Criminals are using COVID-19 stories to convince people to do things they’d never normally do.

In one deplorable scam, cyber criminals email elderly targets. The criminals claim they represent medical organisations. They ask for deposits on COVID-19 vaccines (no such vaccine currently exists). 

In other attacks, criminals email people with “important updates” on COVID-19. The emails ask people to click links or open attachments. The links and attachments are, of course, fake. They unleash malware when clicked or opened.

How can you protect yourself and vulnerable members of society?

 

Spotting the attacks is tricky

As people, we’re inclined to act on emotional grounds. And the COVID-19 outbreak has gripped hearts worldwide.

You might feel angry about the outbreak. Or worried. 

Your heightened emotions make fake emails harder to spot.

 

How to keep yourself and others safe

That said, there are a few rules we can all follow to spot fake emails and unmask criminals. We’ve taken the following advice from the CybSafe module on social engineering. If you’re a CybSafe customer, review the advice in full here.

 

1. Ask yourself if you were expecting the email

If the email is out of the blue, it’s a red flag.

 

2. Ask yourself if the email conveys an undue sense of urgency

Cyber criminals want you to act quickly. They don’t want you to stop and think. So their fake emails tend to convey a sense of urgency. 

Emails might claim COVID-19 “vaccines” are limited in supply. Or they might ask you to open an attachment detailing “updates” immediately. 

If an email asks you to act quickly, take that as a cue to slow down and think.

 

3. Check the sender details

The criminals behind fake emails usually impersonate trusted sources. Like the NHS. Or the government. Or your boss. 

However, the sender details offer clues that the email is fake. The sender name might be NHS, for example. But the sender email might be nhs@gmail.com. 

The Gmail account shows you’ve probably been contacted by a cyber criminal.

 

4. Avoid clicking suspicious links or opening suspicious attachments

Search Google for genuine links instead. And forward suspicious attachments to your IT or security team. Security professionals can investigate in a controlled environment.

 

5. Verify

If in doubt, verify the sender’s identity. Call them (or their organisation) using a known contact number. Avoid calling them on telephone numbers supplied in emails.

 

6. Report!

When you report fake emails, you don’t just protect yourself. You protect others, too. Your security or IT team can blacklist senders so no-one falls victim to scams you spot. 

The same applies to your personal email providers. Report the fake emails you spot to keep others safe.

The COVID-19 outbreak is indeed unsettling. So always remember you can take control of your own security.

Report fake emails to prevent cyber crime. You’ll keep yourself secure. And you’ll help vulnerable members of society in the process.
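For security teams, the sender check from step 3 can be automated. The sketch below is an added example, not CybSafe's own code: it compares the name a sender claims against the domain the address really uses. The allow-list, the webmail list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: names criminals impersonate -> domains the real
# organisation sends from. Illustrative values; maintain your own.
TRUSTED_SENDERS = {"nhs": {"nhs.uk", "nhs.net"}}
# Assumed list of free webmail providers.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

# Constructed sample messages (not real emails).
SAMPLE_FAKE = "From: NHS <nhs@gmail.com>\nSubject: COVID-19 update\n\nOpen now.\n"
SAMPLE_LOOKALIKE = "From: NHS Vaccines <info@nhs.uk.example.com>\nSubject: Hi\n\nBody\n"
SAMPLE_GENUINE = "From: NHS England <noreply@england.nhs.uk>\nSubject: Hi\n\nBody\n"


def mentions(brand, text):
    """True if brand appears in text as a whole word, not inside another word."""
    return re.search(rf"(?<![a-z0-9]){re.escape(brand)}(?![a-z0-9])", text) is not None


def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_sender(raw_message):
    """Return warnings about a mismatch between who the sender claims to be
    and the domain the email address actually belongs to."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    local, _, domain = address.lower().rpartition("@")
    warnings = []
    for brand, allowed in TRUSTED_SENDERS.items():
        claimed = mentions(brand, display_name.lower()) or mentions(brand, local)
        if claimed and not domain_allowed(domain, allowed):
            warnings.append(f"claims to be {brand} but sent from {domain}")
    if warnings and domain in FREE_WEBMAIL:
        warnings.append("free webmail account")
    return warnings


if __name__ == "__main__":
    for sample in (SAMPLE_FAKE, SAMPLE_LOOKALIKE, SAMPLE_GENUINE):
        print(check_sender(sample))
```

A clean result does not prove an email is genuine, because the From header itself can be forged; the other checks in the list still apply.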

 
