Heightened scrutiny against phishing attempts during COVID-19
The ongoing pandemic has kept many people in their homes, and this has resulted in an increase in online communication and commerce. Additionally, with rapid changes occurring in business, government and other areas, the frequency with which legitimate communications are being sent from organizations of all types has increased. This environment has presented an opportunity for cybercriminals to deploy phishing attacks, masquerading as legitimate senders and preying on the public’s fear and eagerness for information. During this time, It is important to treat each email, text or call with heightened scrutiny to avoid being a victim of these security threats.
What is a phishing attack?
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
How does it work?
Cybercriminals send emails or texts which are disguised to be from legitimate organizations conveying information about the coronavirus such as health agencies, hospitals, financial services companies or even the IRS.
These emails generally have an attachment or link that will offer helpful information to you, such as the latest COVID-19 statistics. The payload that they carry is not helpful at all, however. In many cases, as soon as you interact with the email by opening the attachment or clicking on a link, there is a chance of inviting malicious software (malware) onto your computer or device.
Malware enables cybercriminals to have direct access to your computer, and may allow them to log your keystrokes, record your screen and retrieve your personal and financial data. The end goal of phishing attacks is generally to gather enough information about you through your personal data that the perpetrator can ultimately commit identity theft.
How do I know if an email is a phishing attempt?
Are you expecting this email? Most likely, if you are not expecting an email from an official agency such as an Unemployment Agency or the Small Business Administration, these organizations will not email you. If you receive an unexpected email, treat it with caution.
Check the sender email address. The biggest tip-off that an email may be a malicious phishing attempt is the email address that the message is from.Does it match the official domain (often the same as the primary website address) and other emails you have received from this organization?
If it seems too good to be true, it probably is. A common email scam making the rounds during this pandemic is one that offers free vaccine kits or testing kits to victims and concerned parties, prompting recipients to enter their credit card and billing information on a fake e-commerce website. Unless an email is coming directly from your medical provider, this is most likely a scam. If in doubt, call the number you have on file for the office or provider you normally visit, to confirm whether the sender is legitimate.
Never enter your personal information. Delete all emails requesting personal information such as your Social Security Number, mother’s maiden name, or passwords. Take special care to scrutinize any emails that request this type of information in an urgent manner.
Unfortunately, the ongoing pandemic has given scammers an additional platform for cybercrime. It is essential to educate yourself and stay extra cautious when interacting with digital communications, as the consequences of account compromise or identity theft can be expensive and long-lasting.