COVID-19-Related Phishing & Smishing Attacks Soar
As the world eagerly awaits any updated news about the 2019 Coronavirus (COVID-19), cybercriminals have begun taking advantage of public chaos by releasing phishing scams related to the virus, in hopes of delivering malware or stealing information for a quick payout.
Some phishing emails claim to be from trusted sources, such as the U.S. Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). These phishing emails provide the recipient with false information about the virus, oftentimes warning them about recent cases in their area or newfound symptoms, followed by a link for more information.
Other emails will advertise resources such as safety measures and free COVID-19 testing kits to encourage people to enter sensitive information or click on a malicious link. These emails may appear to come from a doctor or medical facility, such as the email below, which appears to come from a medical expert in Wuhan, China.
Similar to phishing emails, a new term called “smishing”—SMS phishing or phishing via text message—is emerging. Security experts report that scammers are using legitimate-looking text messages referencing the delivery status of an order to trick consumers into revealing confidential information. Since the COVID-19 outbreak has become a global pandemic, consumers are being forced to shop online, dramatically increasing everyone’s reliance on shipping services. Cybercriminals are taking advantage of this development by sending fraudulent shipping alert text messages. These deceitful messages, which appear to be from major carriers such as UPS, FedEx, Amazon, etc., contain a fake tracking number and link that directs the target to update delivery preferences, while also requesting credit card information.
Tips to Identify Phishing/SmishingAttacks
- Verify the sender. Does the displayed email address match the actual “mailto:” address?
- Always look for spelling and grammar mistakes in the subject and body of the email.
- Refrain from clicking on links from unknown senders, and never send any personal information over email.
- When in doubt, navigate to the website in question outside of the email.
- Treat delivery SMSs as notifications instead of links.
- Check the URL in the address bar to ensure a site is secure before entering information. Secure site addresses being with “https”—the “s” stands for secure.
- Report compromised credit cards immediately.
- Be wary that some pages are designed to keylog what the end-user is typing without having to hit submit or finish.
For information about COVID-19, including symptoms, resources, and more, it’s best to go directly to a reliable source to avoid receiving any false information. The best sources to visit for information include the Centers for Disease Control and Prevention and the World Health Organization.