Cybercriminals are taking advantage of the growing concern and uncertainty around the current coronavirus (COVID-19) crisis. They are conducting social engineering (phishing) campaigns using malicious emails that appear to be from public health centers and government agencies. These emails lure victims into clicking a link or opening an attachment with the promise that the information contains guidance on preventative measures to protect them from the coronavirus. Once the link or attachment is opened, malware is downloaded to the victim’s device.
What can I do to prevent this?
Remain vigilant when using your company and/or home devices, applications and systems. Take extra time reviewing emails for possible phishing and social engineering attacks, including this current coronavirus-based campaign.
Before you click on a link, open a suspicious attachment or enter any type of login credentials, follow the “STALL” method:
- S – Sender: Do you know the sender?
- T – Tone: Is the message urgent? If you know the sender, does the tone seem different than usual? This could be a sign that the sender’s address has been spoofed.
- A – Attachment: If there’s an attachment in the email, were you expecting this attachment? Does the attachment have an odd file type? Watch out for .EXE files!
- L – Link: Hover over the link – does it look correct? Beware of shortened URLs.
- L – Login: Why is the email asking you to log in?
Always remember that legitimate companies and organizations will never ask for passwords, Social Security numbers, bank numbers or other sensitive personal data via email.
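For mail administrators, the STALL questions can also be run as an automated first-pass triage on a raw message. The sketch below is an added example, not part of the original advisory; the word lists, shortener list, sample message and the names `stall_flags` and `host` are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Word lists, shortener list and SAMPLE are constructed for this example.
URGENT = re.compile(r"\b(urgent|immediately|act now)\b", re.I)
LOGIN = re.compile(r"\b(log ?in|sign ?in|password)\b", re.I)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

SAMPLE = """\
From: "Health Agency" <alerts@health-agency.example>
Subject: URGENT: coronavirus safety measures
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<p><a href="http://bit.ly/EXAMPLE">https://health-agency.example/guidance</a></p>
<p>Log in to confirm your password.</p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="guidance.exe"

--b1--
"""

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def stall_flags(raw, known_senders):
    """Return the STALL checks (S, T, A, L, LOGIN) that a raw message trips."""
    msg = message_from_string(raw, policy=policy.default)
    flags, text = set(), str(msg["Subject"] or "")
    if parseaddr(str(msg["From"] or ""))[1].lower() not in known_senders:
        flags.add("S")                      # Sender: not an address we know
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".exe"):
            flags.add("A")                  # Attachment: odd file type
        elif not name and part.get_content_maintype() == "text":
            text += "\n" + part.get_content()
    for letter, pattern in (("T", URGENT), ("LOGIN", LOGIN)):
        if pattern.search(text):
            flags.add(letter)               # Tone is urgent / asks for a login
    for href, shown in ANCHOR.findall(text):
        if host(href) in SHORTENERS or (host(shown) and host(shown) != host(href)):
            flags.add("L")                  # Link: shortened, or text and target differ
    return flags
```

A flagged message still needs human review; the patterns only surface the same cues the checklist asks a reader to look for.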