In some ways, it feels like we’re living through an email renaissance! Over the last few weeks, a flood of legitimate and reputable information, alerts and offers about the Coronavirus has been hitting email inboxes across Wisconsin and the United States.
During this pandemic people have a desire to donate to causes, learn information as soon as it comes out and keep themselves and their families safe. Unfortunately, these desires create a fertile digital landscape for bad actors, scammers and cyber criminals to take advantage of our hopes and curiosity.
The United States Secret Service issued a press release way back on March 9th, before the country was on high alert, warning of COVID-19-related phishing alerts. “The Coronavirus is a prime opportunity for enterprising criminals because it plays on one of the basic human conditions… fear” reads the release. “Fear can cause normally scrupulous individuals to let their guard down and fall victim to social engineering and scams.”
At SWICKtech we’ve been researching the latest COVID-19 scams and many of them fall into one of the three categories mentioned above: donation requests, safety alerts and new information. We’ll talk about each category and how you can avoid being scammed.
It’s upsetting to realize that cyber scumbags would steal from people trying to help. Scams we’ve seen around Coronavirus ask for donations to help poverty-stricken regions around the world. Most of the scams look like they’re coming from recognized organizations: GlobalGiving, Unicef or the World Health Organization.
Be sure that you double-check any email request for donations against the website of the organization named in the email. Many organizations will have a page on their site dedicated to secure donation. If an email link takes you to a page that looks like a payment portal, be sure that the URL of the page corresponds with the organization’s legitimate website domain. For example, Unicef’s giving page is unicef.org/take-action. A malicious URL might be unicef-giving.com/take-action. The difference is subtle. Look at the part of the URL before the “/”, which is the domain name, to figure out if a domain is legitimate.
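For IT staff who want to automate that check, here is a short Python sketch. It is an added example, not code from SWICKtech, and the `TRUSTED_DOMAINS` list, the function names and the fourth sample link are assumptions made for illustration. It pulls out the part of each link before the first “/” and accepts it only when it is a trusted domain or a subdomain of one.

```python
from urllib.parse import urlsplit

# Assumption: a list of domains you have verified yourself.
# unicef.org is the legitimate domain named in the article.
TRUSTED_DOMAINS = {"unicef.org"}


def link_host(url: str) -> str:
    """Return the lowercase hostname the link actually points to."""
    if "://" not in url:
        url = "https://" + url  # links in emails are often shown without a scheme
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_trusted(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    return any(host == d or host.endswith("." + d) for d in trusted)


def review(urls):
    """Return (url, host, verdict) for each link so a person can see why."""
    return [
        (u, link_host(u), "ok" if is_trusted(u) else "SUSPICIOUS")
        for u in urls
    ]


# Sample links: the first two are the article's examples, the rest are constructed.
SAMPLE_LINKS = [
    "unicef.org/take-action",                      # legitimate giving page
    "unicef-giving.com/take-action",               # lookalike from the article
    "https://www.unicef.org/take-action",          # subdomain of the real domain
    "https://unicef.org.donate.example/take-action",  # real name used only as a label
]

if __name__ == "__main__":
    for url, host, verdict in review(SAMPLE_LINKS):
        print(f"{verdict:10} {host:28} {url}")
```

The comparison is made on the whole domain from the right-hand side, so a link that merely contains “unicef” or “unicef.org” somewhere in its host name is still flagged.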
Preying on people’s fear, as the Secret Service warns about, is most effective when a victim feels that their safety is at risk. Many of the email scams and phishing attempts we’ve seen at SWICKtech lure people into clicking by offering a vaccine or way to stay safe that isn’t known widely by the public yet.
If you’re reading an email that wants you to click to learn about a conspiracy theory, a way to stay safe or a COVID-19 cure, it’s probably not legitimate and should raise a red flag in your mind.
Right now people are addicted to knowing the latest information about Coronavirus, whether it’s numbers of people sick/infected or knowing when they can get their next roll of toilet paper! Luring a victim with the promise of more information is about as old-school as scams come.
Be wary of emails that ask you to click on a link for “more information”. The link could be completely legitimate but could also be malicious. We’ve also seen a rash of scammers using fake file-sharing sites that look like OneDrive or Dropbox to lure people into clicking or giving up their credentials to access “COVID-19 files” or “Coronavirus Action Plans”. Be wary of these.
There is modern threat-protection technology that can be deployed in your organization to make many malicious links un-clickable. Check with your IT department or SWICKtech’s IT consultants to be sure you have that technology in place or if you want to get your employees trained on cybersecurity, phishing threats and scams they might face in their inbox.