This time last year, increased reports of scams and phishing attempts referencing COVID-19 captured our attention, prompting us to stay vigilant in protecting our businesses and patient information.
Fast forward to this year: many states have begun to lift COVID-19 restrictions, but bad actors’ scams and phishing attempts have not let up. They continue to use these tactics to entice us.
Many times these attacks appear as innocent emails seeking assistance or providing information regarding the COVID-19 crisis. Bad actors are taking advantage of this crisis to profit or do damage. Their criminal actions are becoming increasingly sophisticated, and their messages look very official, as if coming from government agencies and health organizations.
Today and always, remember that it is critical to stay vigilant with all email correspondence and website access, particularly those referencing COVID-19 updates, maps, donations, notifications, etc.
To avoid becoming a victim, follow the guidelines below:
- Never click on links or open attachments within unexpected emails.
- If you receive a suspicious email appearing to come from a legitimate organization such as the CDC, WHO, FEMA, etc., confirm its legitimacy. Hover over each link to make sure it directs you to the official site. Report suspicious emails to your company’s Information Security Department.
- If you visit a website or receive a pop-up window directing you to a phone number for support desk assistance, DO NOT call the number. Instead, contact your company’s Information Security Department.
- Never share your password with anyone.
Continued trends noted to date include:
- Malicious websites – sites referencing coronavirus or COVID-19 in the URL. Thousands of new websites have recently been registered to distribute malware when the user accesses the site.
- Spam – emails trying to grab your attention to sell information or goods now in high demand such as masks, hand sanitizers, COVID-19 drugs, etc.
- Phishing – emails purporting to be from legitimate organizations such as the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), the Federal Emergency Management Agency (FEMA), etc. These emails contain malicious links, and some are collecting personal information.
- Fake charities – emails and websites asking for donations for studies, healthcare professionals, victims, or other activities related to COVID-19.
- Fake internal HR or IT communications such as coronavirus surveys pretending to be from your company’s HR or IT department – these sites are attempting to obtain your User ID and password or other personal information.
- Fake notification of infection – beware of emails reporting you have been exposed to an infected individual, particularly ones asking for personal information to proceed.
Always Think Before You Click.