Identifying COVID-19 Phishing Scams

Identifying COVID-19 Phishing Scams

As we continue to move through 2020 it has become very clear that cyber criminals are taking advantage of the COVID-19 crisis as they continue to target new victims every day. In a recent report, the Federal Trade Commission has recorded, to date, over 59,000 coronavirus or stimulus-related complaints. These complaints have resulted in over $74 million in losses for those who have fallen victim to these scams. Cyber criminals are taking advantage of common terms such as “coronavirus,” “COVID-19,” “financial assistance,” and “financial relief” to confuse and misguide victims into giving them valuable information and data.

These scams are nothing new, and while we always believe that vigilance is key in identifying any suspicious email or message, these are different times. Businesses and employees are under pressure to gather as much information as possible to understand their current situation and safely navigate to “life as normal.” Cyber criminals understand that in this uncertainty and desire for more information, people are signing up for more push notifications, more alerts, and more searching on more websites than before, opening themselves up for attack.

When it comes to phishing attacks there are fundamental clues that can help identify fraudulent emails and suspicious notices in your inbox. Some of these clues are:

  • Email address does not match business name or location: If you look closely and notice the FROM email address has missellpings within it, or frankly doesn’t match the organization they seem to represent, this is a clear sign that something is wrong.

  • Tone conveys a sense of urgency: Does this email read like action must be taken immediately? Emails with demanding requests and a sense of urgency are created to distract the reader from their true intentions. The idea that the reader is too preoccupied with getting the action completed to see that it is a false request is one way phishing emails succeed in tricking their targets.

  • Uncommon requests from someone within the organization: Is this email coming from someone you do not normally work with? Would they normally be asking for your help to complete the project or task? If this is the first time you are getting an urgent request from the CEO, it might be a phishing scam using management’s title to hide their true intentions.

  • Common words are misspelled: Many times the true sign of a suspicious email are common words that are easily misspelled. These misspellings are to give the email a human touch, providing enough human error to seem credible without drawing attention to other items that are different, such as hidden links or the FROM email mentioned above.

Phishing scams are not the only tactics cyber criminals are using at this time. Many cyber criminals are impersonating or creating fake charities and using social media to further expand their reach to victims. It has been widely seen, especially recently with Twitter’s large scale data breach, that many people are looking for financial assistance and are willing to fall for “send me $1 and I will send you $2” scams. The Twitter scam promoting bitcoin alone was able to steal upwards of $120,000 (Business Insider).

Identifying COVID-19 Phishing Scams

With charities, many times cyber criminals will create seemingly wholesome and thorough charity websites or social media profiles to target those who want to help their community. These charity scams often come as telemarketers or prompted phone calls. If you want to give to an organization, due diligence is needed before giving any personal or payment information – check websites, call the organization directly, or email them asking to set up a phone appointment. Verifying that a charity is currently accepting donations and giving them to a verified employee will protect your data from being compromised.

Cyber criminals will always find a way to exploit information about a current disaster – pandemic, earthquake or tsunami. To combat these attempted attacks on your data, remain vigilant about your online presence, and closely monitor emails that are received. Understanding how to identify a phishing email protects not only your personal information but could also protect business-critical information as well.