Daniel William

As the Coronavirus Disease 2019 (COVID-19) pandemic continues to sweep across the globe and push government health services to the brink, criminals have taken advantage of the widespread chaos. With a continuous torrent of information about the virus flooding the internet, bad actors are using the confusion to launch phishing attacks and scams. Cybercriminals target regular people as well as healthcare front-liners and first responders.

Be wary of phishing attacks and scams.

Cybercriminals impersonate legitimate organizations and send emails with information about the coronavirus. The email messages may contain an embedded link/attachment for the latest statistics, instructions on how to stay secure, downloadable forms, or anything related to the COVID-19 pandemic. If you click on the link or attachment, you’re likely to download malware onto your system or be redirected to an infected website.

Common phishing and scam emails pretend to be CDC alerts that claim to have information about COVID-19 in your area.

Look out for health advice emails that pretend to contain useful medical advice that can help front line healthcare workers protect themselves. These emails pretend to be either from medical experts near Wuhan, China, or the World Health Organization (WHO).

Some criminals have also targeted company email containing a fake company policy attachment infected with malware. Watch out for emails with generic greetings (no names), grammatical errors, spelling mistakes, and messages that insist you “act now.” These are most likely phishing attempts.

What does malware do?

Malicious software or malware can give cybercriminals a backdoor to your computer that allows them to take control of everything without you knowing about it. Threat actors can install programs that log your keystrokes or software that can harvest your personal and financial data, which can be used for identity theft.

You can prevent malware from infecting your system by installing security software (antivirus, firewall, VPN, password manager) from a trusted vendor. You can also mitigate the risks of identity theft by proactive identity monitoring. There are a lot of paid identity theft monitoring services that can watch out for data breaches and the illegal use of your credentials.

Practice good online hygiene

Exercise caution when handling unsolicited emails, text messages and chat that contains a COVD-19-related subject line. These may contain links to fraudulent websites or attachments loaded with malware. Even if someone from your contacts sends you a forwarded message, don’t click on the link. Manually type the URL in your browser, and never download anything online unless it’s from a verified source. Never share your financial or personal data in an email or online form, and do not respond to anyone asking for this information, for whatever reason.

Always remain vigilant

Most of the pleas on social media, text or calls related to COVID-19 may also be scams, so be wary when you encounter one. Don’t believe everything you read. Only use trusted sources to get up-to-date information on COVID-19, such as legitimate news outlets and government agency websites.

The best places to find legitimate information about COVID-19:

Before making any donations to charity or sharing the link with others, verify its authenticity first by reviewing information from the Federal Trade Commission‘s page on charity scams.

Daniel William is content director and a cyber security consultant at IDStrong. His great passion is to maintain the safety of the organization’s online systems and networks. He knows that both individuals and businesses face the constant challenge of cyber threats. Identifying and preventing these attacks is a priority for Daniel.