The COVID-19 pandemic has severely affected people’s health and businesses across the globe. The cyber criminals are exploiting this crisis and causing further damage by orchestrating cyber-attacks on individuals and organizations. Phishing attacks are a much used form of cyber-crime and the fear already being generated by the COVID 19 pandemic is being leveraged by the attackers to draw users to open the malicious emails leading to compromised accounts, illegal wire transfers and data theft.
The phishing emails designed by the cyber criminals look to come from reputed organizations like the WHO or the CDC. These emails will contain messages regarding COVID-19 which can be things like offering cure to the disease or to offer monetary relief. These messages will contain links or attachments which the user will click or download. The links might have the terms “coronavirus” or “COVID-19” in their domain names. The downloads can be in the form of excel files or downloadable books offering valuable tips on staying safe and being healthy during these times.
There has been a big increase in the phishing websites that have come up during the COVID-19 pandemic. These websites are themed on the COVID-19 and mimic the websites of organizations like WHO, Center for Disease Control (CDC) etc. The hackers are seeing the opportunity during the COVID-19 due to the panic that it has created resulting in people forgetting even the basics of cybersecurity to ensure their own safety.
The fake websites also have a coronavirus themed domain registrations. Some of these apps claim to have created an app to protect you from the coronavirus. Some sites offer products like vaccine kits, face masks etc. They draw the user to buy their products and in the process steal credit card and personal information. As a lot of people are working from home so they are also spending more time on online entertainment. The phishing sites mimic sites like Netflix and steal account credentials of the users.
Tips to be safe
- Be very careful while opening emails from unknown senders or first time senders who might not be in your contact list.
- Verify whether the domain name in the email address of the sender is correct. You can even copy the domain name and try and open it in the browser to be sure.
- Be careful of unknown email ids and refrain from clicking links or download documents that they may contain.
- If you see spelling, punctuation or grammatical mistakes in an email the best way forward is to delete that email.
- Make sure that the domain name of a website that you are trying to open is a secure one starting with “https” rather than “http”.
- Never provide your username and password on any website or document as no one asks for this information.
- When entering personal information on a website, be sure to verify that the website is a legitimate site by searching on Google, Bing etc for the same.