These Coronavirus Phishing Scams are Hitting Inboxes Now! Here's How to Stay Safe

The world is dealing with a pandemic and phishing may not be at top of many people’s list of concerns. Yet, scammers are taking advantage of everyone’s fears. They do this by pushing out new coronavirus (COVID-19) campaigns.

It’s exactly because attention is elsewhere, that these scams are particularly dangerous. Emails often elicit an emotional “click before thinking” response during times of stress. And this pandemic is one of those times.

The last thing you need to worry about is a malware infection or data breach at your business. So, employee awareness of the types of scams and how to avoid them is imperative.

Many scams are get past the normal IT security that Chesapeake area businesses put in place. Hackers rely on a user clicking a malicious link. This can initiate a malware download or capture login details into a fake form.

Every minute, $17,700 is lost due to phishing scams. 

We’ve compiled a list of the latest coronavirus scams that are making their way into inboxes. We’ve highlighted them below. This will help you know what to watch out for and includes tips to keep your office safe from phishing attacks.

New COVID-19 Phishing Emails 

There is no lack of creativity among cybercriminals. Coronavirus (COVID-19) phishing scams use just about every tactic imaginable. You’ll want to alert your team to be on the lookout for the following types of emails.

Fake COVID-19 Map

The Bellevue, Washington Police Department sent out a warning on Twitter. This was about a fake COVID-19 map that purports to be from John Hopkins University. If the user clicks the link provided in the email, they land on a site that downloads malware on their computer.

Human Resources Policy Scam

A scam aimed at employees urges them to review a new company “Communicable Disease Management Policy.” The phishing email pretends to be from human resources. It includes instructions telling employees to read the policy by a certain date. The link takes the victim to a malicious website.

Image source: U.S. Department of Health & Human Services (HHS)

Health Advice Emails

Another type of coronavirus phishing scam preys on the desire of people to stay safe. This scam promises to provide health advice, which is really a link to a dangerous website.

Often, the email will purport to be from a medical professional or specialist. It will include a link to “Safety Measures” that spoofed to look like a downloadable PDF.

Fake Charitable Donation Request

Often after natural disasters, scammers will begin spoofing charities. They send out a fake request for aid. The purpose is to steal money and credit card details from unsuspecting victims. Users also need to be on high alert for this same thing happening with the coronavirus pandemic.

CDC Phishing Scam

Another dangerous COVID-19 phishing scam pretends to be from the Centers for Disease Control and Prevention (CDC). It uses a fake domain that could easily fool many users. The sender’s domain is “cdc-gov.org” which could easily look legitimate to a recipient. The real domain of the CDC is cdc.gov.

This email notes an “updated list of new cases around your city” and gives a malicious link for the user to click.

Tips for Avoiding Phishing Scams

Now is a good time to provide a phishing awareness refresher to employees. There are also software tools you can use to reduce your risk of a data breach from a phishing email.

Hover Over Links Before Clicking

Phishing emails overwhelmingly use URLs rather than file attachments. This is a way to get past IT security defenses. Users should hover over links without clicking them, which will reveal the true URL. This tactic often immediately identifies the link as a fake.

Question All Unexpected Emails

It’s important to be suspicious about any unexpected email. This includes whether it’s pretending to be from your HR department or a government agency.

Double-check in person or by phone if you receive an email claiming to be from within your company.

Visit Websites Directly

Instead of clicking an emailed link, go to a website directly (such as cdc.gov or hhs.gov) for legitimate coronavirus information.

Use a DNS Filter

DNS filters help block malicious websites even after a user has clicked a URL from an email. This is an important protection against phishing attacks. Upon clicking a dangerous link, the tool will redirect a user to a warning page.

Use Anti-Phishing Software

Keeping phishing emails from getting into inboxes reduces the risk. It can also keep you from becoming a phishing victim. Use tools that offer behavior monitoring rather than those that are only signature-based.

Protect Your Workstations with a ZZ Servers Solution!

Our ZZ Servers workstation solution includes protection from spyware, ransomware, viruses, and more. Don’t leave your network unsecured, get the support you need to safeguard your company.

Contact us today to schedule a free consultation. Call 800-796-3574 or reach out online.