How to identify COVID-19 scams and take appropriate action.

Multiple incidents have been reported related to the COVID-19 crisis from all around the world, and we should remain vigilant for email, text and phone scams related to COVID-19. Cybercriminals may send emails with malicious attachments or links to clone websites to trick victims into giving sensitive information away or donating to fake charities. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

An incident was reported regarding an email that went out from the World Health Organization, asking for donations to its COVID-19 Solidarity Response Fund to support the WHO’s work tracking and treating coronavirus. The sender’s address was “donate@who.int,” and it should be noted that who.int is the real domain name of the organization.

 

Examples:

Email Alert

 

Text Message Alert

Spoofing Alert

Email spoofing is a popular tactic used in phishing because people are more likely to open an email when they think it has been sent by a legitimate or trusted source. The goal of email spoofing is to get recipients to open, and possibly even respond to, a solicitation. Cybercriminals may also use this technique to avoid spam email blacklists, commit identity theft or tarnish the image of the impersonated sender.

How to identify phishing or spam emails.

  • Carefully investigate the email sender. In most cases, cybercriminals use domain names similar to those of trusted sources.
  • Trusted sources will not attach zip files to emails for you to download.
  • Cybercriminals use phishing emails that include urgent calls to action. Avoid clicking on them.
  • Research whether there are any press releases or news related to the email you have received.
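
The sender checks above and the donate@who.int case, as an added example that is not part of the original article: a Python triage function that reads the receiving server's Authentication-Results header instead of trusting the visible From address, and also flags reply-to mismatches and lookalike domains. The trusted-domain list, the sample messages and the 0.8 similarity threshold are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation maintains its own list of domains it trusts.
TRUSTED_DOMAINS = {"who.int"}

# Constructed sample messages (not real mail).
SPOOFED = """\
From: WHO <donate@who.int>
Reply-To: covid-fund@example.net
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=who.int
Subject: COVID-19 Solidarity Response Fund

Please donate today.
"""
LOOKALIKE = """\
From: WHO <donate@wh0.int>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=wh0.int; dkim=pass header.d=wh0.int; dmarc=pass header.from=wh0.int
Subject: COVID-19 update

See attachment.
"""

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of reasons the message deserves a closer look."""
    msg = message_from_string(raw)
    sender = domain_of(msg["From"])
    reasons = []
    # 1. Use the receiving server's verdict, not the visible From address.
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    if results.get("dmarc") != "pass":
        reasons.append(f"dmarc={results.get('dmarc', 'missing')} for {sender}")
    # 2. Replies routed to a different domain than the claimed sender.
    reply = domain_of(msg["Reply-To"])
    if reply and reply != sender:
        reasons.append(f"reply-to domain {reply} differs from {sender}")
    # 3. Domain that is close to, but not exactly, a trusted one.
    for trusted in TRUSTED_DOMAINS:
        if sender != trusted and SequenceMatcher(None, sender, trusted).ratio() >= 0.8:
            reasons.append(f"{sender} resembles trusted domain {trusted}")
    return reasons
```

Only rely on an Authentication-Results header stamped by your own mail gateway, since a sender can include a forged one in the message.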

How to stop email spoofing

  • Avoid clicking on suspicious links or downloading suspicious attachments.
  • Never enter sensitive information into links that are not secure.
  • If you find a message reported as spam on Gmail, Yahoo, or Outlook clients.
  • Hover over the URL to check its validity.

A well-coordinated phishing email campaign can be stopped by a human firewall before it penetrates your business or organization through its employees. Whether you work from home or at your office, cybercriminals are using sophisticated tactics to gather information in order to coordinate critical cyberattacks. A well-trained employee can identify phishing emails before clicking on anything.
