As millions around the world are worrying about COVID-19, otherwise known as coronavirus, cybercriminals are using the concern of the general public to frame new attacks that could be putting your information at risk.
What is Phishing?
Phishing is defined as “the fraudulent practice of sending emails,” (we’d also add text messages) “purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.” You may have even noticed phishing attempts in your own inbox from time to time.
As technology has evolved, so have cybercriminals. Now, many phishing attempts are nearly unidentifiable when compared side-by-side with legitimate emails from reputable sources. While many users would normally be able to identify a phishing attempt, global concern surrounding COVID-19 can sometimes overwhelm common sense and lead to trusting a source that you’d normally write off as a scam.
How are criminals taking advantage of the coronavirus online?
During a time of crisis, minds across the world are racing at a mile a minute. People are tracking the latest news, waiting for press releases, and are tuned into their work announcement boards – there is an overwhelming internal need for information and a limited supply of official updates. We’re ready and waiting for the latest information, leaving many ready to accept even the smallest whispers of news as fact. This not only spreads misinformation; legitimate information shared by lesser-known sources may also be hiding a sinister cybersecurity threat.
Even on legitimate websites, ads may promise additional information or may appear to be clickable buttons, but the reality is that these may also pose a risk by installing malicious software on your machine.
Many are also preparing for the worst, stocking up on their most-needed supplies both in-store and online. With so many purchases being made, phishing messages falsely pertaining to orders of the most-needed supplies – those that anyone would be more likely to buy in preparation – are on the rise.
How to Fight Back Against a Phishing Scam
While many phishing scams are well-designed and complex, there are a variety of small precautions that can be taken. While these might not completely stop the threat of a cybercriminal's attack, every additional step that can be taken is a step towards a safer online experience.
Go to the Source
If you’ve recently made a purchase online, go directly to the site that you made the purchase on to view any receipts or track the location of your package. For staying up-to-date on the latest news, be wary of emails directly from government offices and officials, businesses, or news sources. Always go directly to a government source or news agency to limit the spread of false or skewed information.
Check the Sender
If you receive a message that seems legitimate, check the address of the original sender. While the “name” of the sender may seem legitimate, an unusual email address – or even one from an entirely different address – is often an immediate giveaway for a phishing scam.
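The sender check described above can be automated for a mailbox or a help desk queue. The following is an added example, not part of the original article: it compares the display name in a From header with the domain of the actual address. The organization name and the `.example` / `.test` domains are constructed placeholders.

```python
from email.utils import parseaddr

# Assumed allow-list: display-name keyword -> domains that sender really uses.
# Hypothetical values for illustration; build yours from known-good mail.
TRUSTED = {
    "example health agency": {"health.example"},
    "example shop": {"shop.example", "shop-mail.example"},
}

def sender_domain(from_header):
    """Return (display_name, lowercase domain) parsed from a From: header."""
    name, addr = parseaddr(from_header)
    # No "@" means there is no usable address at all.
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    return name, domain

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header):
    """Return a warning string on a name/address mismatch, else None."""
    name, domain = sender_domain(from_header)
    if not domain:
        return "no parsable sender address"
    lowered = name.lower()
    for brand, allowed in TRUSTED.items():
        if brand in lowered and not domain_matches(domain, allowed):
            return f"name claims '{brand}' but address is at {domain}"
    return None

if __name__ == "__main__":
    # Constructed sample headers.
    samples = [
        '"Example Health Agency" <alerts@health.example>',
        "Example Health Agency <updates@health-example.mail-notify.test>",
        "Example Health Agency <info@health.example.attacker.test>",
        "Example Shop Orders <orders@mail.shop.example>",
    ]
    for header in samples:
        print(header, "->", check_sender(header) or "no mismatch found")
```

A matching domain does not prove a message is genuine, because the From header itself can be forged; this check only catches the name/address mismatch this section describes.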
Go With Your Gut
The most powerful tool against phishing is paying very close attention when you receive a message from an unusual source. If a message seems too good to be true, reads like clickbait, or is otherwise “off”, then it probably is. If you don’t trust a message but believe that it could still be from a valid resource, performing research on both the source and the content can help confirm or deny the legitimacy of the source.
What to Do if Your Information Has Been Compromised
If you believe that your information has been caught in a phishing scam, there are several steps that the FTC outlines in their official guide. If you believe that your banking information or Social Security number has been compromised, visit IdentityTheft.gov to begin taking steps depending on the type of information that you believe has been compromised.
If you unintentionally downloaded software via a link in a phishing email or message, ensure that your system’s security is updated and run a scan for malware and viruses. This will help you identify any malicious software that may have latched itself onto your machine to harvest information.
How to Report Phishing
Sharing is caring! Letting official organizations know about the phishing attempt and what it entailed helps categorize and share the latest strategies attackers are using. Below are steps shared by the FTC to share phishing scams with the Anti-Phishing Working Group and spread awareness about the newest attacks.
- If you got a phishing email, forward it to the Anti-Phishing Working Group at firstname.lastname@example.org. If you got a phishing text message, forward it to SPAM (7726).
- Report the phishing attack to the FTC at ftc.gov/complaint.
While times of crisis are taken advantage of by cybercriminals, these practices and responses should be followed throughout the year as we live our digital lives. Simply being vigilant, performing research, and sharing information related to the attacks can help us collectively fight back against those taking advantage of unsuspecting victims during an already difficult time.