Coronavirus Phishing Emails on the Rise

A global health disaster like coronavirus is a golden opportunity for criminals looking to steal your personal information or money through Coronavirus Phishing Emails.

Portions of this article were reprinted from the website of consumer advocate, Herb Weisbaum, also known as Consumerman. His website is here: https://consumerman.com/

If you got an email from the Centers for Disease Control and Prevention or the World Health Organization about the Coronavirus outbreak, would you read it? Maybe click on a link? Cybercriminals are counting on it!

The outbreak is a dream come true for criminals who will use it as a basis for email attacks designed to snag personal information, steal money and infect computers with malware.

Coronavirus phishing emails are on the rise. Malicious emails linked to the Coronavirus first appeared in early February, making it one of the first big phishing campaigns of the year.

“A global health disaster like this one creates a golden opportunity for fraudsters, as there is no population or demographic that is not paying attention. As a result, the potential for impulse clicking is higher than normal,” said Adam Levin, a digital security expert who is chairman of CyberScout, a data security firm, and the author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.”

The bogus emails look legit

Coronavirus Phishing Emails may look legit, but they’re not! Those who click on the provided link in the email will wind up on a site created by criminals to steal the victims’ email credentials.

With the current Coronavirus phishing emails, fraudsters are designing their emails to look like they’re coming from the CDC or the WHO. They typically have an attention-grabbing subject line, such as “Coronavirus outbreak in your city (Emergency)” and often include the agency’s logo — cut and pasted from the real website — to add credibility.

At first glance, the sender’s email address appears to be legitimate, for example cdc-gov.org or cdcgov.org. The crooks create domains that are very close to the real CDC site — cdc.gov — making the deception easy to miss.

Even though the link looks like it will take you to the CDC.gov website about the Coronavirus, it will not.
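The two tricks described above, a lookalike sender domain and a link whose visible text names one site while its target is another, can be checked mechanically. The following is an added example, not part of the original article; the trusted-domain list, the function names and the sample values are assumptions, and the substring match is a heuristic that can over-flag unrelated domains.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the organisations this mailbox expects genuine mail from.
TRUSTED = {"cdc.gov", "who.int"}

def _squash(domain: str) -> str:
    """Drop dots and hyphens so 'cdc-gov.org' and 'cdcgov.org' compare alike."""
    return domain.lower().replace("-", "").replace(".", "")

def classify_domain(domain: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender or link domain."""
    domain = domain.lower().rstrip(".")
    for good in TRUSTED:
        # Exact match or a genuine subdomain (e.g. www.cdc.gov) is trusted.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED:
        # The trusted name is embedded in a domain that is not the trusted one.
        if _squash(good) in _squash(domain):
            return "lookalike"
    return "unknown"

def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From header; the display name is ignored."""
    return parseaddr(from_header)[1].rpartition("@")[2]

def link_mismatch(visible_text: str, href: str) -> bool:
    """True when the visible text names a trusted site but the href goes elsewhere."""
    shown_url = visible_text if "//" in visible_text else "//" + visible_text
    shown = urlparse(shown_url).hostname or ""
    target = urlparse(href).hostname or ""
    return classify_domain(shown) == "trusted" and classify_domain(target) != "trusted"

if __name__ == "__main__":
    # Constructed sample values; 'outlook-login.example' is a placeholder host.
    print(classify_domain(sender_domain('"CDC Alerts" <alerts@cdc-gov.org>')))
    print(link_mismatch("https://www.cdc.gov/coronavirus",
                        "https://outlook-login.example/owa"))
```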

You will instead land on a fake Microsoft Outlook login page, created by the crooks to steal user names and passwords. Criminals control this fake Outlook page. There is no reason to provide login credentials to visit a public website, such as the CDC.

Once they capture your login credentials, they can use them to get access to your email account and look for anything worth stealing.

BUT IT GETS WORSE

The bad guys have taken things to the next level, using the Coronavirus to infect computers with Malware!

Emails impersonating the CDC include attachments, and the message proclaims that the reader needs to open them to get advice on how to protect themselves. If you open such an attachment, it will download malware or ransomware onto your computer.

Ransomware locks out all of your computer files and demands a ransom payment to unlock your files. I have written more extensively about Ransomware in a prior article that you can read here.

Just remember that health agencies are NOT sending out mass emails about Coronavirus. There are plenty of legitimate news websites, and the CDC website itself (CDC.gov), with important updates and everything you need to know about the Coronavirus outbreak.

How to protect yourself from coronavirus scams

You need to be skeptical of any email that asks you to click on a link or open an attachment — even when the email seems legitimate.

In most cases, you can probably get the information you need by typing in the URL yourself. For the latest on the Coronavirus outbreak go directly to the CDC website.

TIPS TO PROTECT YOURSELF:

  • Don’t be taken in by the sender’s name. Scammers can put any name they like in the “from” field.
  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take extra time to review messages for telltale signs that they’re fraudulent.
  • Check the URL before you type it in or click a link. If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.
  • If you realize you just revealed your password to impostors, change it as soon as possible. The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them from doing anything malicious.
  • Never use the same password on more than one site. Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA), if you can. Yes, it’s a slight inconvenience to enter a six-digit code when you want to log on, but it’s a huge barrier for the crooks. With 2FA, a stolen password, by itself, is useless to them.

Prevention, Symptoms and Treatment of COVID-19

There’s currently no vaccine to prevent COVID-19. The best way to prevent illness is to avoid being exposed to this virus. The CDC recommends preventive actions every day to help prevent the spread of respiratory diseases, including:

  • Avoid close contact with people who are sick.
  • Avoid touching your eyes, nose and mouth.
  • Stay home when you’re sick.
  • Cover your cough or sneeze with a tissue, then throw the tissue away.
  • Clean and disinfect frequently touched objects and surfaces using a regular household cleaning spray or wipe.
  • Follow CDC’s recommendations for using a face mask. (see below)
  • Wash your hands often with soap and water for at least 20 seconds, especially after going to the bathroom, before eating and after blowing your nose, coughing, or sneezing or being out in public.
  • If soap and water aren’t available, use an alcohol-based hand sanitizer with at least 60% alcohol. Always wash hands with soap and water if hands are visibly dirty.

MORE TIPS FROM THE CDC:

The CDC doesn’t recommend that people who are well wear a face mask to protect themselves from respiratory diseases, including COVID-19.

Face masks should ONLY be used by people who show symptoms of COVID-19 to help prevent the spread of the disease to others. The use of facemasks is also crucial for health workers and people who are taking care of someone in close settings.

Reported illnesses have ranged from mild symptoms to severe illness and death for COVID-19 cases, the CDC said. Symptoms may appear two to 14 days after exposure to the virus and include fever, cough and shortness of breath.

There’s no specific treatment recommended for COVID-19. People with COVID-19 should get care to help relieve symptoms. For severe cases, treatment should include care to support vital organ functions, the CDC said.

People who think they may have been exposed to COVID-19 should contact their healthcare provider immediately.

CYBERSECURITY RESOLUTIONS

As 2018 comes to an end, I am putting together my recommended list of Cybersecurity Resolutions for 2019. Although the number of data breaches went down in 2018, the actual number of individuals affected by those breaches dramatically increased. So, you must continue to remain ever vigilant if you want to protect yourself.

Here are some important Cybersecurity Resolutions you should adhere to.

  1. I WILL USE STRONG, LONG, STEALTH PASSWORDS that are unique for each different website. A good password is one that uses a combination of upper and lower case letters, numbers and special characters. Don’t use the same password for different websites. Be creative and don’t use obvious things like your Mother’s Maiden name, your date of birth, street address, your pet’s names, etc. Your social media page will give any scammer clues of what you might use to create a password. So, don’t make it so easy for them to crack it.
  2. I WILL KEEP MY SOFTWARE UPDATED as soon as I am notified that an update is available. If you do so, in a timely manner, then you won’t have to worry about your devices getting compromised. Set your programs to perform updates automatically.
  3. I WILL BACK UP MY FILES REGULARLY. Backing up your files has become an essential security continuity practice. If you are a victim of Ransomware, a Malware infection or even Mother Nature, you’ll be glad you backed up your data to a separate hard drive or thumb drive. Always remove the backup device from your computer after doing the routine backup.
  4. I WILL USE 2 FACTOR AUTHENTICATION WHENEVER POSSIBLE. Also known as 2FA, it adds a second layer of security onto your account access, by confirming that you are who you claim you are. It also protects you from those who unlawfully attempt to access your account. Not all businesses and online accounts offer this extra security, but take advantage of the companies that do.
  5. I WILL ONLY VISIT SITES THAT BEGIN WITH HTTPS. Not every website, even among the popular ones, begins its web address with the more secure HTTPS. It is not safe to enter any of your personal information on a website that begins with HTTP instead of HTTPS. The “S” stands for secure. Security must go hand-in-hand with privacy. There are extensions that you can install in your browser that will automatically connect only to HTTPS versions of websites. For example, try installing “HTTPS Everywhere” on your Google browser. It’s what I use.
  6. I WILL HANDLE MY EMAILS CAREFULLY. Repeat after me: I will never click on links or open up attachments in any email unless I am 150% sure that the email is legitimate. Emails are the easiest way a criminal can gain access to your system. Ask yourself, does the email seem fishy? Are the grammar and spelling correct? Does it sound too good to be true? OR does the email contain an urgent message that you must click on in order to solve a problem? These are all telltale signs of a phishing email. If you click on that link, or open that attachment, you will surely infect your computer. Hover your mouse over the sender’s email address and see if it appears legitimate. My advice is to go onto the business’ website by typing in the URL yourself rather than the provided link in the email. Don’t hesitate to call the business to verify that the email is legit. Most companies will never ask you for your personal information. You’ve been warned!!!
  7. I WILL BE CAREFUL AND THINK BEFORE I POST. Privacy is dead. Whatever you post is open season for anyone who wants to exploit that information. Sharing details of a personal nature can be dangerous. Criminals can and will use your information against you. The information you so freely give away online, can be used to access your accounts or steal your identity. Tone down the stuff you post about yourself or people close to you.
  8. I WILL KEEP ABREAST OF THE LATEST CYBERSECURITY THREATS AND SCAMS. Knowledge is power! The more you know the more you’ll be able to protect yourself and your loved ones.

So, there you have it. If you follow these Cybersecurity Resolutions, you’ll be a whole lot safer from scammers, crooks and fraudsters in 2019. Stay safe out there and Happy New Year to all.