Cybercriminals have been creating malicious emails, websites, and apps for a long time now. It should come as no surprise that they’ve started creating COVID-19 versions using the same tactics. Once again, the most popular delivery method has been phishing emails.
The Problems COVID-19 Presents
COVID-19 has overtaken our lives. As such, many people are looking for as much information as possible. Some concerned about catching the virus are interested in learning about testing options. Cybercriminals have crafted phasing emails that promise coronavirus testing information.
Small businesses and workers across the country have been hurt financially during this time. Thus, the US government put together the stimulus package and loans to help people stay afloat. Some funding comes from the Small Business Administration. Consequently, a phishing campaign poses as the SBA and sends documents that need signatures. You can see an example below.
In either case, these phishing emails are preying on people interested or concerned about the coronavirus. People will click on the link or attachment within the email they received. As a result, they’ve opened the door to malware. This malware collects sensitive information and can even take control of a victim’s device.
IBM X-Force’s COVID-19 Study
IBM X-Force, IBM’s threat intelligence group, conducted its 2020 Consumer & Small Business COVID-19 Awareness Study earlier this month and released the results this week. This report shows how dangerous the threat really is. For example, 46% of those surveyed said they expect to receive official information regarding COVID-19 via email. One-third expect to hear from the World Health Organization via email. 35% expect to receive communication from the IRS via email.
Why is this a problem? If people expect to receive email from the government regarding COVID-19, they’re much more likely to fall for coronavirus-related phishing attacks. The FBI recently reported that cyberattacks have jumped by a staggering 400%! In a single month, coronavirus spam rose by 4300%.
Most people don’t understand that government agencies, such as the IRS, will not initiate contact with you via email. It’s a known phishing attack that’s been around so long that the IRS has a standing warning. The IRS only emails you if you email them first.
How To Avoid COVID-19 Scams
The following recommendations come straight from IBM X-Force. Arm yourself with knowledge, and share it with those you know.
- Use trusted sources. When looking for information, go directly to the website of the organization instead of clicking on links to redirect you there.
- Don’t open unsolicited attachments. Never open attachments or links from unknown sources.
- Be on alert for COVID-19-related scams. Do not engage with unsolicited emails or texts pertaining to small business relief funding, the Paycheck Protection Program, or unemployment funding. These emails will typically try to prompt you to share sensitive information, spoof login pages to steal sensitive account credentials. or lure you in to open malicious attachments.
- The IRS will never email you. For security reasons, the IRS will never email or call people. Instead, you’ll receive communications from them via snail mail. The institution has been directing people to IRS.gov to address questions.
- Watch out for fraud speak. This includes a peculiar use of words, odd spelling (e.g., British English), and typos in emails that spread a sense of urgency or fear.
- Update and patch. Nearly 90% of vulnerabilities spammers exploited in 2019 were traced back to known vulnerabilities. It’s essential to update your software and make sure your antivirus is always up to date.
- Use multifactor authentication (MFA). Use multifactor authentication on anything that enables remote access. For example, if you have MFA on your bank account and someone tries to log in, they can’t do so without your authentication.
Looking for More Tips?
Blog posts with various IT tips and news are released every Friday. We publish new episodes of Tech Tip Tuesday as often as we can. You can view previous episodes in our Tech Tip Tuesday library. Click the Sign Up or Subscribe button on this page to subscribe and receive every tip directly in your inbox each week. Pit Crew IT Services can also help your organization with any IT needs you might have. Get started with a free consultation using the button below.