Coronavirus Phishing Emails – Here’s what you should know.

According to Reuters, the UK public have lost more than £800,000 since January 2020 as a result of coronavirus-linked scams. One such example was a victim paying £15,000 for masks that never arrived.

As a result of widespread fears in the news and media, scammers are gaining advantage with new phishing emails. Therefore a whole range of emails have been launched intended to collect personal data or install malicious software.

Such examples are:

  • Firstly, tricking people who want to buy products such as protective masks and hand sanitisers. These companies are usually fake and entice people to enter personal information such as bank details.
  • Next, emails appearing to be from organisations such as the Centres for Disease Control (CDC) and World Health Organisation (WHO). These emails ask recipients to input personal information, download files or support them with payment in the form of bitcoin or debit/credit cards.
  • Finally, emails promising miracle cures. These emails either contain files to download with malicious links or aim to capture personal information (incl. banking details) to purchase the products.

How to avoid being scammed.

For the most part, much of this information links back to our previous article, 7 ways to avoid spam and phishing emails. However, here are the key notes to take away.

VERIFY: Verify the authenticity of the email sender before responding

  • Check that the email address is correct.
  • Check that the actual link matches the official website address. Better yet, go directly to that website on Google instead of clicking the link.
  • Alternatively contact the organisation directly to verify if the email is legit.

REMEMBER: Most reputed organisations will never ask you to input personal information over email.

BEWARE of emails that:

  • Ask you to give sensitive information such as usernames and passwords instead of taking you to a trusted home page.
  • Send links and email attachments you didn’t ask for.
  • Prompt you to visit a link outside of the official company address. Beware of differences in the link address, particularly look out for small changes. For example who.int may appear as who-safety.int or who.org.
  • Last but not least, prompt you to give / donate funding over email.

DON’T PANIC:

Most importantly, don’t feel pressured into acting quickly, there’s always time to do your checks first.

Additionally, if you feel you have fallen for a scam, change your credentials immediately. If you have entered any banking information, contact your bank to report it.

Also contact your IT Support as soon as possible. In most cases they can search for any impact on your system, ensure all security checks are in place and try block future emails.

 

Some more relevant reads

True to form, cyber-criminals are looking to exploit the widespread hunger for news about the outbreak by using it as a phishing lure. https://www.infosecurity-magazine.com/news/coronavirus-attacks-malware/ 

Fake “Centers for Disease Control” emails and other scams already tricking the UK public out of £800,000, according to the police. https://www.theguardian.com/world/2020/mar/06/police-issues-warning-against-coronavirus-fraudsters-in-uk

Scam emails that use scaremongering tactics about Coronavirus to steal personal information have been sent to many a number of people in the UK. https://www.heart.co.uk/news/scammers-fake-coronavirus-emails/

As fears about the coronavirus continue to spread, cybercriminals are using the health crisis to send phishing emails using a variety of tactics to a broader range of targets. https://www.bankinfosecurity.com/more-phishing-campaigns-tied-to-coronavirus-fears-a-13709