As if this whole COVID-19 health crisis wasn’t devastating enough, cyber criminals are now attempting to take advantage of this situation. You’ve probably already seen an overabundance of emails and social media posts popping up by the hour. While most of these posts and emails are legitimate, there’s an increasing potential that one could lead to a phishing scam.
According to the Virginia Coronavirus Fraud Task Force, “Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information.”
But let’s backtrack. What is phishing in the first place? Phishing is a fraudulent attempt to obtain personal information such as credit card numbers, usernames, passwords and other sensitive data. Luckily, there are ways you can prevent this.
Chris Ferow, TelNet Worldwide’s Director of Software Development and IT, shares five things to watch out for and how to detect a COVID-19 scam.
Preventing COVID-19 Fraud
1. Be wary of “offer” emails.
Whenever you have an email with a particularly enticing subject line, ask yourself this: Does it sound like something too good to be true? Your intuition is most likely correct.
An example headline of an enticing email might be “New COVID-19 prevention and treatment guidelines. See attachment for details!” or “COVID-19 testing in your area! Click here to set up your appointment.” These are obvious signs that a phishing scam is being attempted.
2. Check the sender in emails and texts.
When going through your email account, it’s easy to get carried away clicking email after email to clear your inbox. But don’t get too carried away. Be sure to pay attention to the sender, and if anything looks suspicious, it’s best to delete the message.
I actually pulled this from one of my personal email account’s spam folder today. The subject was ‘Amazon Customer Appreciation’ and the sender was firstname.lastname@example.org.
Looks pretty ‘phishy’ huh? This is an email that you can delete right away.
3. Avoid downloading any email attachments or clicking on links from unknown senders.
When opening an email, most people will then download an attachment right away — which is what the scammer will want you to do.
Be on the lookout for malicious attachments, which may come in the form of zip files, software (.exe files) and documents with macros, all of which can deliver malware.
4. Never give out sensitive information online or in emails.
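Avoid giving passwords through email or entering sensitive information on non-secure sites. A secure website will always show a lock icon at the upper left, next to the URL in the address bar. The lock means the connection to the site is encrypted (HTTPS); it does not by itself show that the site belongs to who it claims to be, so check the address as well.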
Ask yourself these questions before giving sensitive information:
- Why do they need it?
- How will it be used?
- How will they protect it?
- What happens if I don’t share the information?
If you can’t answer these questions with confidence, the request is very likely suspicious.
5. Make sure to protect your data.
If you have files on your computer that are important or sensitive, make sure to save documents to a personal cloud space such as Google Drive, OneDrive or Box. If your computer were to be compromised, your documents and data could be compromised as well. By keeping data in the cloud, you protect what you are working on and the enterprise’s information.
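The checks in tips 2 and 3 can be run mechanically over a saved message. The following Python is an added example, not code from TelNet Worldwide; the brand-to-domain map, the Reply-To comparison (which goes one step beyond the tips above) and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed brand -> sending-domain map (illustrative, not exhaustive).
BRAND_DOMAINS = {"amazon": "amazon.com", "cdc": "cdc.gov", "who": "who.int"}
# Attachment types the article lists: zip files, executables, macro-enabled documents.
RISKY_EXTENSIONS = (".zip", ".exe", ".docm", ".xlsm", ".pptm")

def triage(raw_message):
    """Return a list of warnings for one raw email (hypothetical helper)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    display, domain = display.lower(), address.rpartition("@")[2].lower()
    warnings = []
    # Tip 2: the display name claims a brand, but the address is on another domain.
    for brand, expected in BRAND_DOMAINS.items():
        genuine = domain == expected or domain.endswith("." + expected)
        if re.search(rf"\b{brand}\b", display) and not genuine:
            warnings.append(f"display name mentions '{brand}' but sender domain is {domain}")
    # Replies would be routed to a different domain than the visible sender.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        warnings.append(f"Reply-To domain {reply_domain} differs from sender domain {domain}")
    # Tip 3: attachment types worth stopping for before opening anything.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            warnings.append(f"risky attachment type: {name}")
    return warnings

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Amazon Customer Appreciation" <rewards@mail.example.net>
Reply-To: claims@example.org
Subject: Amazon Customer Appreciation
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="reward_details.zip"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    for warning in triage(SAMPLE):
        print("WARNING:", warning)
```

An empty result only means none of these three checks fired; it is not a verdict that the message is safe.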
What To Do If You Think You’ve Been Phished
1. Change your passwords immediately.
If you give away your password to an untrusted source, it may not be too late to change it. Make sure to update your password right away.
Some accounts offer two-step verification, where you connect your phone to the account and receive a code for every login. We highly recommend this as it’s one of the safest ways to protect your account.
After updating your password information, be sure to monitor the account for suspicious activity. An email account, for example, will alert you of login activity. If you see any login attempts that didn’t come from you, that’s a sign your account may have been compromised.
If possible, reach out to your account’s technical support right away to alert them and try to get your account back.
2. Report the incident if possible.
If the sender was impersonating a business, let that business know right away. Be sure to provide them with as much information as possible and let them know whether you’ve changed your password. They may provide you with ways you can further safeguard your account and help monitor any suspicious activity.
3. Scan your computer for malware and viruses with antivirus software.
Whether you’ve been phished or not, it’s a great idea to have antivirus software. Having an antivirus protects you from all forms of harm and may even help fix your computer if you’ve been exposed to malware.
Look for virus protection software that comes with safe browsing features, social media protection, a firewall and identity protection to go along with your standard computer file protection. It’s also important to note that good antivirus software will update frequently.
4. Keep an eye out for identity theft.
If you’ve given out information related to your financial assets or social security number, be sure to watch for signs of identity theft. Make sure there’s been no suspicious activity within your bank or credit card transactions. Keep up with your credit report so that there are no mystery lines of credit. If you suspect that your identity has been stolen, report it to the Federal Trade Commission right away.
What We’ve Done at TelNet Worldwide
We’ve taken a number of steps to protect ourselves from harm as well as safeguard the integrity of our data so our systems are not compromised. Some highlights of the upgrades we have made are:
- Enhanced our VPN, complete with multi-factor authentication
- Upgraded all computers with BitBucket for better virus protection
- Upgraded capacity of Google shared drives
In times such as these, it’s important to remain vigilant — especially when it comes to scammers. We hope these tips will help you stay safe online. And please remember to stay healthy and wash your hands frequently.