Our IT partner have made us aware of a number of COVID-19 related scams which we would like to share, please keep your wits about you as they try to use this awful situation for their gain. Many of these are email-based phishing scams and are designed to lure an individual into a false sense of security by imitating well-known organisations and news sources. Some of the more common phishing scams that have been seen are:
Phishing scam impersonating the World Health Organisation:
Health advice emails (containing links to malware-infected documents):
Workplace policy emails (containing malicious links):
Phishing emails do not seem to be the only kind of scams doing the rounds at the moment, we have heard of numerous fake websites purporting to sell everything from laptops and software all the way through to PPE such as facemasks, gloves and hand sanitiser. Government websites are also being spoofed in order for cybercriminals to try and obtain business and personal information from those who are simply looking for help:
Notice the extremely false web address.
As well as the above there has been a large rise in SMS messaging scams, which similar to the phishing emails are trying to catch individuals with their guard down when they are most vulnerable…
Tips for recognizing and avoiding phishing emails:
In many cases your spam and content filters will block any malicious emails and websites, however, despite the fact many of us are working from the comforts of our own homes it is as always, vitally important not to let our guards down and be as vigilant as we usually are when working from the office.
Here are some ways to recognize and avoid coronavirus-themed scams:
• Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
• Check the email address or link. You can inspect a link by hovering your cursor over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
• Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
• Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
• Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.