Cyber criminals are preying on your corona virus fears to attack your technology networks.
Hackers know all too well that during uncertain times—whether it’s international conflict or coronavirus—people become desperate for information and reassurance. In fact, a coronavirus-related domain is 50 percent more likely to be malicious than any other domain!
One of the most common current phishing scams is cyber criminals disguising themselves as the World Health Organization (WHO) to steal money or sensitive information. These “Phishing” emails appear to be from WHO, and will ask users to:
- give sensitive information, such as usernames or passwords
- click a malicious link
- open a malicious attachment.
Phishing email messages like this might ask you to open an attachment to see the latest statistics. If you click on the attachment or embedded link, you’re likely to download malicious software onto your device. The malicious software could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft.
What can you do to to prevent a phishing attack?
- Take a moment to think before downloading attachments or clicking links in any email or message, especially from someone you don’t personally know.
- Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind hackers can create links that closely resemble legitimate addresses. Delete the email.
- Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
- Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
- Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
- Another big red flag is odd-looking attachments. You should always be very careful about opening attachments, especially if they come from an email address you don’t recognize.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
- If you gave sensitive information, don’t panic. If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them and contact your IT partner so they can assess the situation and properly remediate.
Most importantly, trust your gut. If something elicits strong emotions or a sense of urgency—or just feels off—pause to reconsider before opening it.