Coronavirus phishing emails: How to spot and protect against COVID-19 scams
Since last few months the word corona virus is echoing in every human being’s mind. The cyber criminals are also one of them. Innocent people are looking for vaccine and medical treatment and trying to stay away from outside world as much as possible and locked down in home. At the same time Cyber criminals are focusing all their efforts on scams that capitalize on the panic.
Let’s understand one of the methods which is used by cyber criminals to trick people to steal personal information, password, bank details, which is called email phishing.
What is phishing?
Phishing is a type of social engineering attack in which cyber criminals trick victims into sharing sensitive information or installing malware without victims knowledge.
More often they use this trick via sending malicious emails that appear to be from trusted senders, but sometimes use other means as well, which we will discuss in another article. In this article lets focus on email phishing.
The number of reported phishing attacks has risen by more than 600% since February, with the majority of those cashing in on people’s suspense, hope, getting positive news and fears over the pandemic.
How does phishing work?
Criminals mostly use two basic methods to ploy the innocent victim:
- Malicious attachments: Malicious email attachments, which usually have enticing names, such as “Cure from coronavirus”, ‘LOTTERY’ “WINNERS” “WIN iPHONE”, etc. The moment email attachment is opened it instantly installs malware on victims’ machines.
- Links to malicious websites: Malicious links point to websites that are often clones of legitimate ones, which download malware or whose login pages contain credential-harvesting scripts.
So, what does a phishing am email look like? Let’s get started with an email which I have recently received:
- Workplace policy emails
- Email from bank alerting about spam email
How to identify phishing emails:
It is therefore critical for all netizens to be able to recognise them. Things to look out for include:
- Public email domains
- Misspelled domain names
- Bad grammar and spelling
- Suspicious attachments/links
- Sense of urgency
Protection from phishing emails:
- Beware of online requests for personal information: No government of any agency ask your personal or sensitive information on email or phone. Never open such email.
- Beware about the ads popping in your email box: Such ads often try to create a sense of urgency — for instance, “Buy now, limited supply.” Be aware you will able to hear such news from the government agency through newspaper or TV news.
- Workplace policy emails: Scammers are sending random emails to everyone with a subject line like “message from HR department”. Be aware your company HR will never send official email on your personal email ID until unless you have requested.
What to do if you've already responded:
If you've already responded to a suspicious message, take the following steps:
- If you’ve been tricked into providing your banking details, contact your bank and let them know.
- If you think your account has already been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account), refer to our guidance on recovering a hacked account.
- If you received the message on a work laptop or phone, contact your IT department and let them know.
- If you opened a link on your computer, or followed instructions to install software, open your antivirus (AV) software if you have it, and run a full scan.
- If you've given out your password, you should change the password.
- If you've lost money, tell your bank and report it as a crime to police.