Two years into the pandemic, phishers are as devious as ever. Recognizing traditional phishing email scams is no longer enough to consider yourself protected. It is essential to stay up to date with the tactics currently used in COVID-19 phishing scams and the language that hackers use. Failing to do so will leave your personal data vulnerable to compromise.
How to Spot COVID-19 Phishing
Here are four COVID-19 phishing ploys that our BriteProtect User Awareness training team is currently seeing across the board. Let’s go through them one by one to find out exactly what makes them “phishy.”
CDC, Testing & Vaccine Scams
Phishing emails on the topic of COVID-19 itself have skyrocketed. Anything related to coronavirus, especially if it contains the word “urgent,” should raise an eyebrow. Be wary of fake COVID tests and testing sites, free tests, kits, and vaccines. Be suspicious of emails from the CDC about confirmed cases, too. If you do receive an email like these, look at it carefully. Is it from a non-government domain? Is it from a domain that looks similar to the real one but isn’t quite correct? Do not click on it.
Take a Look
This one is a bit tricky – look at the subject line. If the email is so “urgent” then why isn’t there any important information in the body of the email? The only thing in there is a document to download. Sketchy.
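The checks described above for a CDC-themed email (sender domain, "urgent" subject, a body with nothing but an attachment) can be written as a simple mail triage heuristic. This is an added example, not code from BriteProtect; the keyword list, the 40-character body threshold, the flag names and the sample messages are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import parseaddr

CLAIMED = "cdc.gov"                            # domain the mail claims to come from
URGENT = ("urgent", "immediately", "act now")  # constructed keyword list

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(msg):
    """Return the red flags found in one message, in the order checked."""
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != CLAIMED and not domain.endswith("." + CLAIMED):
        # Near miss (cbc.gov) or the real name embedded in another domain (cdc-gov.org)
        lookalike = edit_distance(domain, CLAIMED) <= 2 or CLAIMED.split(".")[0] in domain
        flags.append("lookalike_domain" if lookalike else "unrelated_domain")
    if any(word in msg.get("Subject", "").lower() for word in URGENT):
        flags.append("urgent_subject")
    text, attachments = "", 0
    for part in msg.walk():
        if part.get_filename():
            attachments += 1
        elif part.get_content_type() == "text/plain":
            text += part.get_content()
    if attachments and len(text.strip()) < 40:   # assumed threshold for "no real body"
        flags.append("attachment_with_empty_body")
    return flags

def build(sender, subject, body, attachment=None):
    """Construct a sample message (test data, not real mail)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    print(red_flags(build("CDC Alerts <alerts@cdc-gov.org>",
                          "URGENT: confirmed cases", "See attached.", "cases.doc")))
```

The substring test for the claimed name is deliberately broad, so treat its hits as prompts for a closer look rather than verdicts.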
Travel scams have taken off and aren’t slowing down anytime soon. Information surrounding vacation policy or itinerary updates, travel cancellations and restrictions are common. Keep your eyes peeled for shady offers for cheap deals or upgrades as well. These emails typically don’t come from a legitimate business source like a travel agency or airline. Rather, they come from janky email addresses.
Take a Look
This is a nice-looking email, isn’t it? Not so fast! Look closely at the “from” email address. Does that address look like a credible business email to you? We didn’t think so either.
All sorts of workplace phishing scams have popped up surrounding COVID-19. Look for language related to reopening, hour changes, work from home policies, mask updates and HR vaccine status requests. Also common are emails from IT, help desks and survey requests. If you get an email like this, make sure you know it’s legitimate before clicking on any links.
Take a Look
Talk about poor grammar. Sentence fragments, misused commas and wrong capitalization plague this email. Check out the strange link, too – it starts with gcc02 – that is not very credible. Most damning of all, the author threatens to delete the reader from the database if they fail to act. No legitimate IT department would do such a thing.
Insurance & Bank Scams
Attackers can easily dupe users with insurance and bank scams since these businesses deal with sensitive information on a regular basis. Branch reopening schedules and hour changes are common, as are password change prompts. Be on the lookout for anything that wants you to take immediate action.
Take a Look
For starters, this email refers to COVID-19 insurance. Ask yourself this – did you buy any insurance from the sender? If not, you know it’s phony. Other ways to tell this is a hoax include the interesting spelling of “update,” or should we say “up-date,” along with some missing periods at the end of sentences. Overall, the text just doesn’t read well.
Treat your inbox like a warzone – always be on the lookout for the next landmine. Analyze every email before opening and be sure it’s legitimate before clicking any links. It’s tedious to have to constantly watch your every step, yet necessary to keep your data safe.
Remember, the more prepared you are, the better. Many businesses have found success with user awareness training programs, which educate employees on the foundations of spam, phishing and spear phishing, malware, ransomware and social engineering. Employees are then able to use their elevated knowledge in their day-to-day jobs.
Phishers are constantly evolving their attacks and take advantage of any situation – even a global pandemic like COVID-19 – to get what they want. Stay on top of the current language, recognize the red flags and educate yourself so you can spot phishing scams and attacks when – not if – they hit your inbox.