Cybercriminals routinely take advantage of major world events as a pretext for their phishing attacks. During tax season or in the weeks leading up to a major sporting events like the Olympics and March Madness, there is a rush of phishing emails. These emails take advantage of heightened emotions and the desire for the latest news.

COVID-19 Phishing Attacks

The ongoing COVID-19 pandemic has provided cybercriminals with an opportunity to seize on the widespread fear and uncertainty. Phishing emails have already begun, using pretexts such as:

  • Breaking News: Some phishing emails use a live map of the spread of coronavirus as a way of spreading malware.[1]
  • Special Offers: Phishing emails will offer “too good to be true deals” on surgical masks and other medical equipment.
  • Vaccination: Scammers may promise access to a special vaccine; however, experts estimate that it will take between a year and eighteen months to create one.[2]
  • Investment Opportunities: Some phishing emails offer unique investment opportunities taking advantage of the coronavirus outbreak.

These are just some of the pretexts currently taking advantage of COVID-19; it is not an exclusive list. When seeking information about the coronavirus, it is best to visit the CDC website.[3]

Identifying a Phishing Email

Cybercriminals have become extremely sophisticated and skilled at crafting realistic emails for use in their campaigns. During events like the current COVID-19 outbreak, people are desperate for news and less likely to perform due diligence before clicking on an email link or opening an attachment. Cybercriminals take advantage of this in their attacks.

Before opening or acting on any email dealing with COVID-19, or any other event, it is important to consider the following:

  1. Is the email expected? An unsolicited or otherwise unexpected and unusual email may be part of a phishing attack.
  2. Does the sender’s address look right? If the sender’s email address is misspelled or uses an unusual domain, it is coming from a completely different email account.
  3. Does the body of the email seem legitimate? Check for misspellings, grammatical errors, and stylistic discrepancies.  All of these are potential indicators of a phishing email.
  4. Do links point where they should? Hover over links and check to see if the target address points to where you expect.  Check for misspellings and other oddities.
  5. Does the attachment make sense? If the email has an attachment and doesn’t need one or the filetype of the attachment is odd, then it is probably a phishing email.
  6. Does the email evoke a sense of urgency? Cybercriminals use urgency to bypass peoples’ mental filters.  Slow down and consider whether the email makes sense.
  7. Does the email request sensitive information? If so, it is probably a phishing email, and you should not respond or click on any links.

Beyond answering these questions, stop and consider if the email “looks right” to you.  If something feels wrong—don’t open it. Additionally, if you can obtain the same information from another (more reputable source), do so instead of opening a suspicious attachment or clicking on a link.

Responding Properly to Phishing

It only takes a single successful phishing attack for a cybercriminal to steal credentials or infect a machine with malware. If you are suspicious of an email, forward it to your IT department and delete it.  By reporting the email, you not only protect yourself, but you also play a vital role in helping your IT department to protect your organization.

Sources

[1] https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/
[2] https://www.latimes.com/science/story/2020-03-12/why-does-it-take-so-long-to-make-a-coronavirus-vaccine
[3] https://www.cdc.gov/coronavirus/2019-ncov/locations-confirmed-cases.html