Pandemics Leads to a Huge Increase in Email Phishing Attempts.

In a week dominated by news of the global Covid-19 pandemic, companies scrambled to find ways of securely supporting employees working from home. But the challenges are extensive, and in sectors with critical infrastructure like government defense, protecting data is just as important as protecting workers.

If you received an email from the Centers for Disease Control and Prevention or the World Health Organization about the Corona virus outbreak, would you read it? Maybe click on a link? Cyber criminals are counting on it.

This outbreak has become a catalyst for cyber criminals who will use it as a basis for email attacks designed to retrieve personal information, steal money or infect computers with malware.

Here are some examples of emails used by criminals:

Here is another example:

At first glance, the sender’s email address appears to be legitimate, for example cdc-gov.org or cdcgov.org. The criminals create domains that are very close to the real CDC site — cdc.gov. Even though the link looks like it will take you to a CDC.gov website about the Corona virus, it will not. More than likely, you will land on a fake Microsoft Outlook login page, created by criminals to steal user names and passwords, which they control.

There is no reason to provide login credentials to visit a public website, such as the CDC.

Here are our recommendation to avoid getting hit by these cyber criminals:

  • Don’t be taken in by the sender’s name. Scammers can put any name they like in the “from” field.
  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take extra time to review messages for telltale signs that they’re fraudulent.
  • Check the URL before you type it in or click a link. If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.
  • If you realize you just revealed your password to impostors, change it as soon as possible. The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them for doing anything malicious.
  • Never use the same password on more than one site. Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA), if you can. Yes, it’s a slight inconvenience to enter a six-digit code when you want to long on, but it’s a huge barrier for the crooks. With 2FA, a stolen password, by itself, is useless to them.

If you have any questions or concerns regarding how to avoid phishing attack or have recent become the subject of one—contact us.

We will happily help you get through this process.