The anxiety around the COVID-19 epidemic is being exploited by cybercriminals who are creating new scams for financial gain. These attackers have been sending out phishing emails pretending to be from legitimate health organisations, charities and government departments.
As the number of coronavirus cases has escalated, cybercriminals have capitalised on the fear by sending out phishing emails with file downloads promising urgent health and safety advice and infection maps. However, these files contain malware, so when they are downloaded your computer will be infected.
Alternatively, the phishing scams will attempt to gain personal information. They may ask you for confidential information to give you personal health advice, or link you to a document asking you to sign in with your email in order to harvest your password.
Examples of COVID-19 phishing emails:
An email claiming to be from the government about a COVID-19 tax refund. It will redirect you to a phishing page that will attempt to harvest your personal details, such as login and password details, with the false reward of a tax refund. In reality, there’s no tax relief, and you have handed over your personal data to a cybercriminal.
Health and safety information
This phishing scam claims to provide specialist health advice, but the file it asks you to download, safety measures.pdf, is infected with malware.
COVID-19 Company Policy
This phishing email claims to be from your company and contains information about your company’s policies and response to the pandemic. The email directs you to a link, which leads to a phishing site with a fake log-in page that will attempt to harvest your email password.
World Health Organisation
This Coronavirus phishing email claims to be from the World Health Organisation, and tries to dupe you into downloading a malware-infected file.
How to stay safe from coronavirus phishing attempts:
- Unless you have signed up for email alerts from the organisation, it is unlikely that they would send you a direct email
- If you receive an email claiming to contain important information, check that the domain name of the email matches that of the organisation exactly (e.g. a scam email may use nhsuk.com instead of the correct nhs.uk)
- Watch out for generic greetings (such as Dear Sir/Madam) and spelling errors
- Don’t download any file in unexpected emails
- Avoid clicking links in any unexpected emails
- Have a suspicious mind – think twice about downloading an attachment, following a link or responding to an unexpected email
- For up-to-date details about the coronavirus outbreak go directly to the organisation’s website (https://www.gov.uk/coronavirus; https://www.nhs.uk/conditions/coronavirus-covid-19/; https://www.who.int/emergencies/diseases/novel-coronavirus-2019)
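The domain check from the list above, as an added example that is not part of the original article: a Python sketch that reads the real address out of a From header and compares its domain with a trusted list. The trusted list is an assumption built from the organisations the article links to, and the sample headers are constructed.

```python
from email.utils import parseaddr

# Assumption: trusted domains taken from the organisations this article links to.
TRUSTED = ("nhs.uk", "gov.uk", "who.int")

def sender_domain(from_header):
    """Domain of the real address; the display name is ignored on purpose."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def classify(from_header):
    """Return 'trusted', 'lookalike' or 'unknown' for a From header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    # Exact match, or a real subdomain: the "." boundary stops evilnhs.uk passing.
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Not trusted but borrows a trusted name: nhsuk.com, who.int.example.net ...
    squashed = domain.replace(".", "").replace("-", "")
    if any(t in domain or t.replace(".", "") in squashed for t in TRUSTED):
        return "lookalike"
    return "unknown"

# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "NHS Alerts <alerts@nhsuk.com>",
    "Coronavirus updates <noreply@email.nhs.uk>",
    "World Health Organisation <info@who.int.example.net>",
    '"alerts@nhs.uk" <sender@example.org>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):10} {header}")
```

A "trusted" result only means the domain text matches: the From header itself can be forged, so mail filters pair a check like this with SPF, DKIM and DMARC results.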
With our huge reliance on technology, keeping yourself and your employees up-to-date on the latest cyber threats is vital to protect your business.
Our monthly bite-sized training costs £2 per month. We offer a free two-week trial and phishing simulations to demonstrate how your business can benefit. For more information please get in contact 01603 firstname.lastname@example.org.