Coronavirus-related cyber threats are on the rise. Read our guide to stay safe from scams that could harm your business.
As if the public health and economic impact of the novel coronavirus weren’t bad enough, many businesses are now facing cybersecurity threats from opportunistic online criminals. Public health experts strongly recommend that you allow your staff to work from home if possible — and so do we — but the increase in remote work is also increasing the number of phishing scams and spam that businesses have to deal with.
According to CNBC, 36% of its Technology Executive Council members say that cyberthreats against their organizations have increased. In addition, the Secret Service, FBI, and World Health Organization have all reported coronavirus-related scams.
We developed this guide to help your business stay safe from cyber threats designed to play on your employees’ fears surrounding COVID-19.
What is phishing?
According to the Secret Service, phishing “is the fraudulent practice of sending emails purporting to be from reputable companies in order to entice individuals to reveal personal information, such as passwords and credit card numbers.”
This is nothing new. Cyber criminals have been spamming our inboxes with these types of scams for decades. However, the fact that so many Americans are now working from home, presumably with access to companies’ networks from remote locations — along with the fear surrounding the pandemic — has increased the threat of phishing.
Criminals are distributing mass emails that look as though they come from legitimate health organizations, like WHO or the United States Centers for Disease Control and Prevention. These emails usually contain attachments or links that supposedly contain urgent information about COVID-19.
When people open these attachments, malicious software, or “malware,” infects their computer. When they enter their login ID and password for their business network, that information gets sent to the cyber criminals, who can now hack that business.
How to recognize a scam
Part of what makes this such a tricky problem to solve is that there are legitimate emails going around with information about the pandemic. However, phishing emails tend to contain at least one of these telltale signs:
- It asks you to enter your username and password. WHO reports that they would never ask you for any username or password information in an email. If an unsolicited email asks you to hand over any personal information, chances are, it’s a scam.
- It asks you to visit a link from another domain. Let’s say you get an email claiming to be from CDC, and it asks you to click on a link. CDC’s website is cdc.gov. If the link in the email is from any domain other than cdc.gov (like cdc.com or cdc.org), then you know it does not lead to the CDC website.
- The email asks you for money. Although CDC and WHO both have charity arms that support health-related activities, they are probably not sending you emails about these charities unless you’ve signed up for a list. Moreover, scammers are notorious for asking for money in emails. If you get an email request for money from the CDC or WHO and you’re not sure if it’s legitimate, go directly to the organization’s website rather than clicking on the link in the email. You can always donate from there.
- Does the email claim that a major retailer has gotten a large amount of hand sanitizer or masks in stock? That’s probably a phishing scam. If you’re unsure, open a new tab on your browser, go to the retailer’s website, and search there for the item you’re looking for.
How to protect your business
An important step to protect your business from cyber crime is to educate your staff about these scams. Have them read this article, as well as the official FBI, WHO, and Secret Service warnings linked above. Next, have them follow this advice when it comes to suspicious emails.
- Think before you open an email. Slow down and look at your inbox carefully. Listen to your gut. Does something not seem right? Then just delete the email without opening it. You’re better off not taking the risk.
- Let’s say you’ve opened an email and it contains a link. Look at the link closely. Hover your mouse over it to see the full URL. If it claims to be from CDC, the URL should be from the domain “cdc.gov.” If it’s from WHO, the domain will be “who.int.” If the URL contains a “.ru” or a “.cn” on the end, that means it came from Russia or China, respectively. Another sign that it’s a phishing email is misspellings in the URL. Don’t click on that!
- Never open an attachment unless you specifically asked the sender to send it to you. These could contain malware or other content harmful to your computer.
- Never send financial information. Do not send account numbers or credit card numbers in response to an email asking for that information.
- Update your antivirus software. If you don’t already have antivirus software, get some. Employers, consider adding a benefit by sponsoring antivirus software for your employees’ home computers as well.
- Keep in mind that antivirus software isn’t foolproof. You still have to follow these safety recommendations to ensure that you and your company don’t fall victim to a phishing scam.
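The link check described in the two lists above can also be automated. The following Python sketch is an added example, not part of the original guide: it pulls every link out of an HTML email body and compares the link's real hostname with the cdc.gov and who.int domains the guide names. The function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains the article names as the real ones for CDC and WHO.
TRUSTED = {"cdc.gov", "who.int"}

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_is_trusted(host):
    # Exact match or a true subdomain only. A substring test on the URL would
    # wrongly accept "cdc.gov.example.com" or "example.net/who.int".
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def classify(href, text):
    if host_is_trusted(urlsplit(href).hostname):
        return "ok"
    # Visible text shows a trusted domain while the href points elsewhere.
    shows_trusted = any(d in text.lower() for d in TRUSTED)
    return "mismatch" if shows_trusted else "untrusted"

def audit_links(html_body):
    """Return a list of (href, verdict) for each link in the email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(href, classify(href, text)) for href, text in parser.links]

# Constructed sample body; example.com / example.net are reserved test domains.
SAMPLE = """<p>Urgent COVID-19 update:
<a href="https://www.cdc.gov/coronavirus/">CDC guidance</a>
<a href="http://cdc.gov.example.com/login">www.cdc.gov/safety</a>
<a href="https://example.net/who.int/donate">Donate now</a></p>"""

if __name__ == "__main__":
    for href, verdict in audit_links(SAMPLE):
        print(f"{verdict:10} {href}")
```

A "mismatch" verdict is the case that hovering over a link reveals by hand: the text on screen names a trusted site, but the address behind it does not.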