It's difficult to remain calm when we are constantly bombarded with the ever-rising figures of people infected by the coronavirus, the travel bans and, possibly most terrifying of all, videos of people dropping down dead in the street. Although authorities are imploring citizens to remain calm, health professionals in hazmat suits wander the eerily empty streets trying to save the ill. Scammers have decided to take advantage of the widespread panic by sending out phishing emails that claim to contain helpful advice and updates on the coronavirus outbreak.
Researchers from Kaspersky have reported that these emails claim to be sent by the U.S. Centers for Disease Control and Prevention and the World Health Organization, and contain malicious links and PDF attachments. Wired Magazine reported on the issue, stating that the emails prompt victims to: "Go through the attached document on safety measures regarding the spreading of coronavirus," reads the message, which claims to come from a virologist. "This little measure can save you." Upon clicking this link, you are redirected to a site designed to gain access to your email credentials. Some of these emails even include a subject line claiming that there has been a coronavirus outbreak in your area, “Coronavirus outbreak in your city (Emergency)”, and often include the agency’s logo from the website to make the email look legitimate. The files included in these emails contain Trojans (programs that are downloaded onto your computer and can be coded to make certain changes to your computer) and worms (malicious software that infects your computer), which scammers use to destroy, block, get access to and copy the personal data and files on your computer.
It is important to note that the domain of the sender's email address looks very similar to that of the CDC: cdc-gov.org or cdcgov.org. However, a legitimate CDC email address would contain cdc.gov, a simple detail that is easily overlooked.
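The lookalike-domain point above, as an added example (not code from the original article or from Kaspersky): a small Python check that classifies the domain in a From: header as official, lookalike or unrelated. The function names, the sample addresses and the 0.8 similarity threshold are assumptions made for illustration.

```python
import difflib
import re
from email.utils import parseaddr

OFFICIAL_DOMAINS = ("cdc.gov",)  # the legitimate domain named in the article


def _skeleton(domain):
    """Drop dots, hyphens and other separators: 'cdc-gov.org' -> 'cdcgovorg'."""
    return re.sub(r"[^a-z0-9]", "", domain)


def sender_domain(from_header):
    """Return the lower-cased domain of a From: header value, or '' if absent."""
    _name, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def classify_sender(from_header, official=OFFICIAL_DOMAINS):
    """Return 'official', 'lookalike' or 'unrelated' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrelated"
    # Exact domain or a true subdomain of it is the only thing that counts.
    if any(domain == good or domain.endswith("." + good) for good in official):
        return "official"
    skel = _skeleton(domain)
    for good in official:
        want = _skeleton(good)
        # Official name embedded in another domain (cdc-gov.org, cdcgov.org).
        if want in skel:
            return "lookalike"
        # Near-miss spelling at the start of the domain (assumed threshold 0.8).
        head = skel[: len(want)]
        if difflib.SequenceMatcher(None, head, want).ratio() >= 0.8:
            return "lookalike"
    return "unrelated"


# Constructed sample headers; the display names and local parts are made up.
SAMPLES = [
    "CDC Health Alert <alerts@cdc.gov>",
    "Virologist <advice@cdc-gov.org>",
    "CDC <info@cdcgov.org>",
    "A friend <friend@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

The display name is ignored on purpose: only the domain after the @ decides the result, so a familiar-looking sender name cannot make a message pass.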
Kaspersky researchers have reported another set of phishing emails asking victims for donations in Bitcoin on behalf of the CDC to help fund its “incident management system” that’s coordinating the response to the coronavirus. The set of emails read: “Funding of the above project is quite a huge cost and we plead for your good will donation, nothing is too small. From $10 to any amount.” However, the CDC is a government organization funded by US taxes and will not ask for donations of any type. It is common for scammers to prey on the fear and confusion of their victims amidst the chaos, eliciting a sense of panic and urging you to act immediately for your safety. Experts have seen scammers piggyback on emergencies in the past and have been expecting these types of reports. They also foresee these types of scams continuing until the hype dies down.
So how do you avoid becoming one of the helpless victims?
1. Don't trust the sender’s name, even if the name seems legitimate or looks familiar. There can be very small, barely noticeable discrepancies that are easily overlooked. Check the sender's email domain and see if it matches the website of the organization they say they work for. Then check the URLs included in the email: they should contain the name of the organization too.
2. Read through the email meticulously and look for any spelling or grammar mistakes or discrepancies in information. Not all scammers will make these mistakes, but some might.
3. Check the URL before you click on it. You can also copy and paste the link into your search engine, which should reveal whether the page is legitimate. Study the landing page carefully, even if it looks like your email login page, and take your time to identify any discrepancies.
4. Don't enter your data into public websites that shouldn't be asking for your information - the WHO and CDC wouldn't ask for your email username or password. These websites are created for public use, designed to provide information without anything in return.
5. Don't duplicate your password on multiple accounts. Once scammers have uncovered your password, they will try it on multiple sites and platforms. If one platform is compromised, they all will be.
6. Activate the two-factor authentication feature on all apps and sites that contain sensitive information. If a scammer happens to get hold of your password, they still won't be able to log in, and you will be notified when someone else logs into your account.
7. If you suspect that your account has been compromised, change all your passwords immediately and activate the two-factor authentication feature.
8. Attend the International Fraud Prevention Conference to ensure you are up to date with the latest cyber and fraud trends as well as the most effective way to protect yourself and your business.