Cyber criminals are taking advantage of the coronavirus 2019 (COVID-19) pandemic to trick people into clicking dangerous links and downloading dangerous files.
Beware of suspicious emails and new applications that purport to deliver information about COVID-19.
Phishing Emails about COVID-19
Be suspicious of any email you receive about COVID-19. You might get email pretending to be from a government agency or from your employer. But the email might be a phishing email with a dangerous attachment, such as a file containing ransomware, or a link to a site that will collect your login credentials and use them to break into one of your accounts. (Phishing emails are email messages that pretend to be from a legitimate sender in order to trick the recipient into taking some kind of dangerous action.)
Norton has shared examples of phishing emails they’ve detected that capitalize on the public’s interest in COVID-19. Their examples include:
A phony CDC announcement urging recipients to click on a link for information about the COVID-19 outbreak in their area.
A phony email about health advice, urging recipients to follow all the safety measures in a PDF attachment.
A phony email about company policies for working from home and staying safe.
Be on the lookout for emails like this. You’re bound to get a few.
Keep in mind:
There’s no reason for the CDC to have your email address.
You can get all the updates you need from the CDC and other websites, which you should navigate to in your browser. Don’t click on links in email to navigate to these sites.
You may work for a company that is emailing updates and policies, but scrutinize these email messages carefully to make sure they’re genuine.
Norton offers some good advice for detecting phishing email:
Look for generic greetings (“Dear Employee” or “Dear U.S. Citizen”).
Look for typos, which continue to be common in phishing emails.
Beware of messages asking for your Social Security number and other personal information. There’s no reason you should be sharing this information through email.
Inspect email addresses and links for anything that looks unusual.
You’ll find Norton’s blog post here.
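Several of the checks above can be automated. The Python below is an added example, not code from Norton or from this post; it flags the generic greetings named above, requests for a Social Security number, and links whose visible text shows one site while the link goes to another. The Reply-To comparison, the function names, and the sample message with its .example sender domains are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

CHECKS = {  # body-text checks; the greetings are the two quoted in the list above
    "generic greeting": re.compile(r"\bdear\s+(employee|u\.s\.\s+citizen)\b", re.I),
    "asks for Social Security number": re.compile(r"social security number|\bSSN\b", re.I),
}
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)  # link text that is itself a URL

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(value):  # hostname of a URL or bare domain, lower-cased
    return urlparse(value if "//" in value else "//" + value).hostname or ""
def domain(header):  # domain part of an address header, "" if the header is absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def phishing_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    flags = [name for name, rx in CHECKS.items() if rx.search(body)]
    if domain(msg["Reply-To"]) not in ("", domain(msg["From"])):  # assumption: a mismatch is unusual
        flags.append("Reply-To domain differs from From domain")
    parser = Links()
    parser.feed(body)
    for href, text in parser.found:
        if URLISH.match(text) and host(text) != host(href):
            flags.append(f"link text shows {host(text)} but goes to {host(href)}")
    return flags

# Constructed sample message, not a real email; the sender domains are placeholders.
SAMPLE = ('From: alerts@health-updates.example\nReply-To: helpdesk@mail-relay.example\n'
          'Content-Type: text/html\n\n<p>Dear U.S. Citizen,</p>\n'
          '<p>Local update: <a href="http://health-updates.example/login">www.cdc.gov/coronavirus</a></p>\n'
          '<p>Reply with your Social Security number.</p>\n')
```

Calling phishing_flags(SAMPLE) returns one entry per warning sign found; an empty list means none of these particular checks fired, not that the message is safe.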
A new website, Corona Virus Phishing, is compiling an ever-growing list of email and file-sharing scams related to COVID-19. Check out the site if you get an email or Dropbox request that you weren’t expecting about COVID-19.
The scams keep evolving. For example, a new phishing attack is spoofing the domain name splashmath.com to circumvent email security programs, so be on your guard if you see that domain name show up in an email about COVID-19.
My ebook Safety Net offers additional tips for inspecting suspicious email messages.
Reliable Sources of Information about COVID-19
You’ll find reliable information about COVID-19 here:
Dangerous Mobile Apps about COVID-19
Criminals have also created at least one dangerous mobile app that pretends to offer COVID-19 information but that includes malware that steals information from your computer.
MSN has reported on an app that relays information from the virus-tracking dashboard from Johns Hopkins University but that also includes malware that collects user IDs, passwords, browsing histories, and cryptocurrency keys.
My advice: Don’t download any mobile apps about COVID-19. Public health authorities, including state and local health agencies, will make all information available to the public through websites and news bulletins. (If Apple and Google develop new apps for contact tracing, I’ll reconsider this advice.)
Apple is removing any COVID-19 apps from their App Store if they’re not from a verified health organization. Myself, I’m sticking to websites rather than apps for sources of information, all the same.
Be healthy, be safe online, and take care.