Security

Coronavirus Phishing Scams & How to Avoid Them

The outbreak of Covid-19 (Coronavirus) has resulted in people having to self-isolate and work from home to curb infection rates. Unfortunately, cyber criminals have used this as an opportunity to capitalise on these circumstances. Barracuda Networks have reported a 667% spike in the number of Coronavirus-related emails since the beginning of February. Today we’ll break down common Coronavirus phishing campaigns and how you can avoid them.

Financial Scams

Coronavirus-related email scams appear to be the most prominent phishing campaign. Barracuda detected a surge in the number of emails claiming to sell surgical masks or that they have the cure for Coronavirus.

In other cases, some email scams are posing as fake charities or the World Health Organisation (WHO). Under this guise, the email will ask for donations to be made to a Bitcoin wallet.

Malware

Another prominent Coronavirus phishing campaign making the rounds is emails impersonating government bodies and officials. As people are heavily relying on information and resources from official government sources, cyber criminals are manufacturing fake government emails embedded with malicious links and documents.

An example of a fake government email embedded with a malicious link.

An SMS-based phishing attack also circulated this week from the sender ‘GOV’. The text told the receiver “you’ve received a new message regarding the COVID-19 safetyline [sic] symptoms…”. Android users who followed the link were prompted to download a malicious app designed to steal banking credentials and other sensitive information.

Screenshot of an SMS-based phishing campaign.

With more and more people working from home, cyber criminals have leveraged this to their benefit. Late last year a number of businesses fell victim to email spoofing. Email spoofing is where your email account is hijacked (generally without your knowledge) and cyber criminals will send emails containing malicious links or documents to your colleagues, friends and family. These people are more likely to open and trust the email as it has seemingly come from you. This type of phishing campaign has resurfaced with a number of people now working remotely and communicating largely by email.

The above email is a cyber criminal sending an email from a colleagues address.

Spotting a phishing scam

Whilst these phishing campaigns are constantly evolving, there are certain characteristics that make it easier to spot a scam.

The email makes unrealistic demands or threats. Some phishing emails use blackmail or threats of jail time or a fine to scare the recipient into doing what they say.
They’re asking for money or donations. There’s always a catch to phishing emails, the catch is usually they want money from you. This is a tell tale sign that this is a fraudulent email.
The email is riddled with spelling and grammar errors. Most phishing emails address you or sign off in a vague way. As well as this, phishing emails often have a passive tone as well as spelling and grammar errors.
Mismatched URL or attached document. Malicious emails will usually contain a link or document that they trick you into clicking/downloading. It’s good practice to never click or download any files or links from emails without being 100% sure.
The email asks for sensitive information. Regardless of who the sender is, you should be highly cautious of any email asking for sensitive information such as credit card numbers, passwords or banking details.

You can read more about spotting phishing scams here.

With Coronavirus phishing campaigns on the rise, people working from home need to stay as vigilant as they would in the office.
If you are concerned about your IT security, talk to Milnsbridge Managed IT Services today by either emailing us at enquiries@milnsbridge.com.au or calling us on 1300 300 293.