Be Aware of Online Coronavirus Scams

During a public crisis, hackers are more than ready to take advantage of the visceral fear that can be felt worldwide. The novel coronavirus is rapidly spreading and with it comes an increased spread of malware and phishing attacks cloaked as fabricated good causes. It’s important business owners are aware of these attacks and can educate their staff, especially if they will be working from home.

The US Cybersecurity and Infrastructure Security Agency (CISA) recently reacted to the pandemic by saying:

“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts or calls related to COVID-19.”

Below we will breakdown potential coronavirus scams to avoid.

Coronavirus Phishing Scams
Any unsolicited email that encourages you to click on an attachment or enter personal information, should make you think twice. Unfortunately, these classic phishing schemes still lure innocent users into clicking on a malicious link or giving personal information daily.

With the spread of COVID-19, individuals are looking to donate and support causes that assist high-risk individuals and provide food to those in need. While many of these causes are safe to donate to, hackers have carefully crafted causes that look and feel legitimate, so when you click to donate you can easily be confused.

Organizations can take precautionary steps today to help protect their employees from these despicable attacks. CISA recommends employees turn off the option to automatically download email attachments. While not all email platforms provide this option, the majority will have this feature.

Social engineering attacks – scams designed for users to hand over sensitive information by extremely personal targeting tactics—have become a common occurrence during times of crisis. Businesses can prepare by reading up on how to avoid social engineering and phishing attacks.

As a good rule of thumb, never reveal personal or financial information in an email.

Coronavirus Charity Scams

During times of distress, the compassionate in our society step up and donate to charitable organizations that help alleviate suffering. Before we donate online, it is critical we take a few moments to research the organization we are donating to.

The Federal Trade Commission has a Charity Scams resource page that could save you heartache and your bank account from running dry. You can also review charity sites such as give.org or guidestar.org to review whether the charity is listed as a credible source.

Review Your Sources
There is a wide range of ways a scammer can display misinformation that can lure unsuspecting victims into a position of revealing comprising information. Facebook groups that offer COVID-19 cures, trending videos of self-proclaimed health experts sharing “best practices” to large audiences. While it can be difficult to sort through what is credible information and what is scam-baiting, there are a few techniques that can help you.

• About Section
  • Specifically on Facebook, users can look at the “About” section and review the account’s name history. If the group has changed its name multiple times to reflect different crises, it is a sure tell sign the group is preying on vulnerable people.
• Seek Out Credible Sources
  • You many happen upon a user whom you deem to be a credible source for information. Before you believe what they have to say as truth, seek out a trusted resource and double-check the two sources have similar suggestions. Trusted resources may include government authorized accounts and news outlets.
• Review Government Sources
  • If an account claims to be a government publication, you can trace their URL to ensure it ends in.gov.

How Do You Avoid Being a Victim?

The best way to avoid being a victim is to educate yourself on the tips below:

• Be suspicious of all unsolicited phone calls, visits or email messages that ask for personal information or information specific to employees you work with.
• If an unknown visitor claims to be from a legitimate organization, try to verify their identity with the company.
• Do not reveal personal or financial information in email.
• Do not send sensitive information over the internet before you review a website’s security.
  • Look for URLs that begin with https.
  • Look for a closed padlock icon- this is a sign your information will be encrypted.
• If you are unsure whether an email request is legitimate, try to contact the source directly for information.
• Take advantage of anti-phishing features from your email client and web browser.