Ai Editorial: Scammers step up game with Coronavirus phishing emails

16th March, 2020


Ai Editorial: Cybercriminals are trying to capitalize on the outbreak of Coronavirus Disease 2019 (COVID-19) by sending a high volume of phishing emails related to the disease, writes Ai’s Ritesh Gupta

 

Are you about to open a Coronavirus-related malicious file? Or have you already inadvertently opened one?

We all need to be aware of phishing emails that are being sent by scammers, fraudsters and hackers. These emails carry files in various formats that are disguised as documents relating to the newly discovered Coronavirus. Fraudsters are counting on public fear as they design malicious email campaigns, hoping that fear will lure users into clicking on a link or opening an attachment. So avoid clicking on links in unsolicited emails.

Typically, emails featuring information about COVID-19 appear to come from legitimate organizations. For instance, a malicious email falsely claiming to be from the U.S. Centers for Disease Control and Prevention is in the news. Such emails generally ask the user to open an attachment to see the latest statistics, or even make online offers for vaccinations. Scammers are also coming up with recommendations or medical advice on protecting oneself against the coronavirus. If a user clicks on the attachment or embedded link, they end up downloading malicious software onto a device. The malicious software paves the way for illegitimate access to, or damage to, computers, and can possibly lead to identity theft as well.

Cybercriminals have also targeted employees’ workplace email accounts. Plus, according to Norton, scammers have posted ads that claim to offer treatment or cures for the coronavirus. The ads often try to create a sense of urgency — for instance, “Buy now, limited supply.”

Verify before taking action   

We have to be suspicious of an email that creates a sense of urgency or demands immediate action. Take your time and check who has sent the email – look at the email ID, for instance. Do not open attachments without first making sure the request is authentic.

It is becoming increasingly difficult to identify malicious emails. Acknowledging the threat, the World Health Organization (WHO) has admitted that fraudsters are posing as representatives of the organization to steal money or sensitive information. WHO has asserted that anyone contacted by a person or organization that appears to be from WHO must confirm their genuineness before responding. There are appeals for funding or donations that aren’t related to WHO.

WHO will:

  • never ask for your username or password to access safety information
  • never email attachments you didn’t ask for
  • never ask you to visit a link outside of www.who.int 
  • never charge money to apply for a job, register for a conference, or reserve a hotel
  • never conduct lotteries or offer prizes, grants, certificates or funding through email.

How to prevent phishing: a user would need to take extra steps, but these aren’t really tough things to do. They might make accessing information take more time than usual, but it is worth it if one can avoid falling victim to such phishing email scams:

  • Check senders’ details by verifying their email address (for instance, compare the official ID of the organization with the information in the email ID and see if they match)
  • Check the link before you click. Verify file extensions of downloaded files. Documents and video files don’t use the .EXE file format.
  • Be extra vigilant before sharing personal details (for instance, ask why a username and password are needed and why they are being asked for)
  • Do not click or act in a situation of urgency
  • Don’t be frightened (change the credentials for a login in case you have participated in, or given consent for, something suspicious)
  • Ignore online offers for vaccinations
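
The sender, link and file-extension checks from the list above can be automated for mail that claims to come from WHO. The following is an added example, not code from the article or from WHO: the sender domain `who.int`, the extra extensions beside `.exe`, the helper names and the sample message are assumptions constructed for illustration.

```python
import os
import re
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_HOST = "www.who.int"     # the only link host WHO says it uses (from the page)
OFFICIAL_MAIL_DOMAIN = "who.int"  # assumption: expected sender domain
# .exe comes from the page; the other extensions are assumptions added here.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def check_email(msg):
    """Return a list of findings for a parsed email.message.EmailMessage."""
    findings = []
    # Compare the real address, not the display name, which the sender controls.
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain != OFFICIAL_MAIL_DOMAIN:
        findings.append(f"sender domain '{domain}' is not {OFFICIAL_MAIL_DOMAIN}")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # splitext looks at the last extension, so "x.pdf.exe" is ".exe".
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                findings.append(f"attachment '{name}' is an executable")
        elif part.get_content_type() == "text/plain":
            for url in URL_RE.findall(part.get_content()):
                # Exact host match: "www.who.int.update.example" must not pass.
                host = (urlsplit(url).hostname or "").rstrip(".")
                if host != OFFICIAL_HOST:
                    findings.append(f"link host '{host}' is outside {OFFICIAL_HOST}")
    return findings


def build_sample(sender, body, attachment_name=None):
    """Construct a sample message (constructed data, not a real email)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = "COVID-19 latest statistics"
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg


if __name__ == "__main__":
    lure = build_sample('"World Health Organization" <alerts@who-int.example>',
                        "Open the file or visit http://www.who.int.update.example/stats now.",
                        "statistics.pdf.exe")
    for finding in check_email(lure):
        print(finding)
```

The link check compares the whole host name, because a lookalike such as `www.who.int.update.example` contains the official name but belongs to a different domain.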