In the midst of the coronavirus pandemic, many companies and organizations have had to pivot to remote working activities. Because of this, all communication that was happening in the office has shifted online. A greater reliance on online communication means only one thing for cybercriminals… plenty of opportunities to make a quick buck from your business.
Unfortunately, this means that the spread of COVID-19 has come hand-in-hand with the spread of phishing scams, with popular scams involving bating individuals with false track-and-trace information and luring people to click on malicious attachments and links.
So far, email phishing attacks have risen over 600% since February 2020. Although your business is likely to be targeted, you’re not helpless. By learning what scams to look out for, you can arm your staff and protect your data and bottom line.
How Do Phishing Scammers Operate?
Scammers prey on individuals by sending malicious emails that often contain a link or downloadable attachment.
During the coronavirus pandemic, scammers are using information about coronavirus to their advantage by including embedded links in emails that highlight medical or governmental information, even going so far as to send alerts to unsuspecting individuals that suggest they may have contracted the virus through a known acquaintance or friend.
The kind of software scammers trick you into downloading can identify keystrokes, which allows them to pull your personal information, passwords, banking details, and lots more.
Is It Possible To Identify Phishing Attacks?
Whilst it can be easy to fall victim to phishing attacks, phishing emails can be quite easy to identify… if you know what to look for.
Phishing emails usually:
- Look authentic and similar to an official government or medical organization.
- Instill fear into the recipient by offering urgent information and demanding urgent responses.
- Claim to contain pertinent information (specific to coronavirus at the moment).
- Ask you to click on a link or download an attachment.
Protecting Against Phishing Attacks
You can protect yourself against phishing attacks by taking these simple steps:
- Don’t open emails from unfamiliar individuals or organizations, especially if they request any personal information.
- Don’t click on links or attachments in an email unless you know what they are (you can check a hyperlink before you click on it to ensure it’s real by hovering over it with your cursor and reviewing the link in the bottom left of your browser).
- Keep your eyes peeled for grammar and spelling mistakes; fraudsters may be wiley but they don’t tend to proofread like official sources.
- Only refer to official websites and sources for updates on COVID-19
- Never supply personal information or financial information to anyone via email.
COVID-19 Phishing Scams
For most, the coronavirus pandemic has caused some level of trauma. For scammers, it’s been a once-in-a-lifetime opportunity to take advantage of people’s fears and vulnerability. Let’s take a look at the ways they’ve exploiting the pandemic.
Malicious COVID-19 Domains
In partnership with VirusTotal and WHOIS XML, ProPrivacy headed up a project which analyzed over 600,000 registered domains. They tracked the domain’s malicious activity and found that a large number of phishing domains were registered in late March 2020. Up to 1,200 domains are being registered every day, even now.
As the pandemic progressed, the project tracked the evolution of phishing scams, which relentlessly targeted specific public fears and ‘hot topics’, like whether we should wear face masks, whether children should be allowed back to school, and so on. Both the name and content of newly registered domains changed with the focus of public attention.
U.K. COVID-19 HMRC Scam
In the U.K., scammers have been masquerading as HMRC, sending text messages to individuals offering pandemic-related tax refunds that users can apparently apply for via a website. The messages have been entitled “Coronavirus (COVID-19) guidance and support.” so they look as authentic as possible.
Once the individual reaches the malicious website, they are asked for sensitive information – like passport details – for ‘authentication’ and ‘verification’. Griffin Law states that around 80 self-employed workers based in London have received this kind of scam via their accountant.
Phishing emails related to coronavirus tend to contain malicious links. Clicking on these links often downloads Trojan software or even ransomware onto your device. The links tend to follow similar trends such as:
- “Click this link to find out about recent cases of coronavirus in your area”
- “You are eligible for a tax rebate of 128.34 GBP as part of the government established refund program for dealing with the coronavirus outbreak. Access your funds now”
- “Click here to find out about surprising cures for the deadly virus”
Whilst many malicious URLs and email addresses can be easy to spot e.g. CDC.firstname.lastname@example.org, scammers are starting to use more covert links like https;//who.org/coronavirus-information, where the standard ‘https:’ has been converted to ‘https;’. These nuances are harder to spot and better at tricking people into believing they are authentic.
he moment a phishing attack is underway, scammers can get hold of your personal, business, and even financial information. Though much of the world’s activities have been on hold during COVID-19, phishing scams are rife and still increasing.
Although we are unaware of the long-time impact coronavirus will have on individuals and businesses, we do know the impact and effect COVID-19 phishing scams have had on millions worldwide. So, protect yourself against these attacks by understanding the tactics scammers use and keeping alert to any links that end up in your inbox.
Georgie is a Content Contributor for Hosting Ninja. She is passionate about sharing her enthusiasm for technology through her content writing work, with a mission to help others learn and understand what makes the digital world so successful.