Growing interest in up-to-date news on the COVID-19 (Coronavirus) is making many vulnerable to online cyber scams. Hackers are exploiting the public's need to feel safe and in control through phishing attacks.
According to Symantec, one phishing email with the CDC Health Alert Network claiming to provide a list of local active infections. The link took eager readers to a signup form that collected emails and passwords. Once these email/password pairs are stolen and then in the hands of a cybercriminal, the damage can be catastrophic.
3/18/2020 UPDATE:
The United States Secret Service Department of Homeland Security issued a COVID-19 (Coronavirus) Phishing Alert press release .
A trusted partner, KnowBe4 posted a great article that outlines several other Coronavirus email scams.
Hackers can also scam you toward clicking a link, opening a PDF, or installing a program that infects your computer.
Cybercriminals are always trying to find current events that impart fear into the public. When someone is in a state of panic, it's much easier to exploit them. The Coronavirus outbreak is just what is going on today. But tomorrow there could be another issue.
Here are a few reminders:
When it comes to the Coronavirus, the US Center for Disease Control & the World Health Organization are where you will find some good news about the COVID-19 outbreak. But this concept of trusting reputable sources goes beyond Coronavirus. Take the stock market for. example, which has been affected by the outbreak. There were trusted resources that you may have looked to for stock market concerns (your brokerage), keep looking to those rather than click on a small niche site that may have "secret" information on how to position yourself.
There are several red flags of a social engineered email. But here are a few: Read the entire address. Many phishing criminals will use email addresses that look similar to addresses that you might think familiar. For example: info@(insert your bank name)897237.com. Look for generic greetings that don't include your name. Ie. "Dear sir," "Hi there," etc.
Even from so-called reputable sources, that give you unexpected information that drives up your anxiety. More likely than not, it's a scam. For example, if you are unsure and the call is from your bank or medical facility, and you are not expecting it, hang up and call back on a recognized number. More often than not if it was important and a real call, you will get a hold of the correct person when calling your bank.
If you are not sure if you have been a victim of a phishing attack, immediately call your trusted technology support provider. They will be able to help you get back on track if your computer or server got locked up, and should also be able to provide you with some ideas of how to safeguard yourself if you gave away a password in the attack.