Coronavirus Phishing Scams & How to Avoid Them

2 years ago

The outbreak of Covid-19 (Coronavirus) has resulted in people having to self-isolate and work from home to curb infection rates. Unfortunately, cyber criminals have used this as an opportunity to capitalise on these circumstances. Barracuda Networks have reported a 667% spike in the number of Coronavirus-related emails since the beginning of February. Today we'll break down common Coronavirus phishing campaigns and how you can avoid them.

Financial Scams 

Coronavirus-related email scams appear to be the most prominent phishing campaign. Barracuda detected a surge in the number of emails claiming to sell surgical masks or to have the cure for Coronavirus.

In other cases, some email scams are posing as fake charities or the World Health Organisation (WHO). Under this guise, the email will ask for donations to be made to a Bitcoin wallet. 

Malware 

Another prominent Coronavirus phishing campaign making the rounds is emails impersonating government bodies and officials. As people are heavily relying on information and resources from official government sources, cyber criminals are manufacturing fake government emails embedded with malicious links and documents. 

An example of a fake government email embedded with a malicious link. 

An SMS-based phishing attack also circulated this week from the sender 'GOV'. The text told the receiver "you've received a new message regarding the COVID-19 safetyline [sic] symptoms…". Android users who followed the link were prompted to download a malicious app designed to steal banking credentials and other sensitive information.

Screenshot of an SMS-based phishing campaign.

Social Engineering 

With more and more people working from home, cyber criminals have leveraged this to their benefit. Late last year a number of businesses fell victim to email spoofing. Email spoofing is where your email account is hijacked (generally without your knowledge) and cyber criminals will send emails containing malicious links or documents to your colleagues, friends and family. These people are more likely to open and trust the email as it has seemingly come from you. This type of phishing campaign has resurfaced with a number of people now working remotely and communicating largely by email.

The above email is a cyber criminal sending an email from a colleague's address.

Spotting a phishing scam 

Whilst these phishing campaigns are constantly evolving, there are certain characteristics that make it easier to spot a scam. 

  • The email makes unrealistic demands or threats. Some phishing emails use blackmail or threats of jail time or a fine to scare the recipient into doing what they say. 
  • They're asking for money or donations. There's always a catch to phishing emails, and the catch is usually that they want money from you. This is a telltale sign of a fraudulent email.
  • The email is riddled with spelling and grammar errors. Most phishing emails address you or sign off in a vague way. They also often have a passive tone as well as spelling and grammar errors.
  • Mismatched URL or attached document. Malicious emails will usually contain a link or document that they trick you into clicking or downloading. It's good practice to never click or download any files or links from emails without being 100% sure.
  • The email asks for sensitive information. Regardless of who the sender is, you should be highly cautious of any email asking for sensitive information such as credit card numbers, passwords or banking details. 
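
Three of the signs above (a mismatched URL, a request for money, a request for sensitive information) can be checked mechanically. The following is an added example, not part of the original article: the sample message is constructed, its domains are reserved `.example` names, and the keyword lists and the `analyse` function are illustrative assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email); all domains are reserved .example names.
SAMPLE = """\
From: "Health Department" <alerts@covid-help.example>
Content-Type: text/html; charset="utf-8"

<p>Dear customer, donate to our relief fund by Bitcoin and confirm your password.</p>
<p><a href="http://covid-help.example/login">https://www.gov.example/covid</a></p>
"""
SENSITIVE = ("password", "credit card", "banking details")  # illustrative keyword list
MONEY = ("donation", "donate", "bitcoin")                    # illustrative keyword list
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # lower-cased hostname without a leading "www."
    h = (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def analyse(raw):
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    collector = LinkCollector()
    collector.feed(body)
    findings = [f"mismatched-url: shows {host(t)} but goes to {host(h)}"
                for h, t in collector.links if URLISH.match(t) and host(t) != host(h)]
    lower = body.lower()
    findings += [f"asks-sensitive: {k}" for k in SENSITIVE if k in lower]
    findings += [f"asks-money: {k}" for k in MONEY if k in lower]
    return findings

print("\n".join(analyse(SAMPLE)))
```

The link check only fires when the visible text itself looks like a URL, so ordinary "click here" links are not flagged; those still need the hover-and-read check described in the list.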

You can read more about spotting phishing scams here. 

With Coronavirus phishing campaigns on the rise, people working from home need to stay as vigilant as they would in the office.  
If you are concerned about your IT security, talk to Milnsbridge Managed IT Services today by either emailing us at enquiries@milnsbridge.com.au or calling us on 1300 300 293
