Defending Yourself Against Covid Related Scams

We’ve shared information more than once in the past about how to avoid phishing and other risks – malware, ransomware, etc.

The “Bad Guys” couldn’t be happier about Covid, I assure you. The pandemic and constant news about it has made most of us stressed and anxious, and more vulnerable to attack.  Consider yourself lucky if you haven’t had one of the Covid related scams show up in your Inbox.

Google has reported more than 18 million daily malware and phishing emails related to COVID-19 scams just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus, the company says.

The phishing attacks and scams “use both fear and financial incentives to create urgency to try to prompt users to respond,” Google says. In other words, same email scam, different subject line.

These scams include impersonating government organizations like the World Health Organization to try to solicit donations or trick users into downloading malware; pretending to have information about government stimulus payments; and phishing attempts aimed at workers who are working remotely.

Examples include emails purportedly sent from a governmental agency:

A screenshot of a social media post Description automatically generated

Workplace Policy Emails

Some scams would like you to believe your employer is asking you to review your company’s new “safety measures.”  If you click on this link, your computer/network could be infected with a virus or malware.

A screenshot of a cell phone Description automatically generated

Some go as far asking you to read and acknowledge your company’s new policy:

A screenshot of a cell phone Description automatically generated

Because many of us are working remotely for the first time, it isn’t as easy to stop by your human resources department to confirm if this is a legitimate communication.

Reminders for Recognizing Phishing Emails

  • Like other types of phishing emails, Covid themed email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft.
  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data. The IRS is not going to email you asking for your bank account for your stimulus check.
  • Reminder – you can inspect a link by hovering your mouse button over the it to see where it leads (don’t click!). If it seems sketchy, delete the email.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

FBI Warnings

 People are also urged to be on alert for attackers selling products that aim to prevent or treat COVID-19, as well as counterfeit sanitizing products and personal protective equipment.

The FBI has also reported there are numerous fraudulent apps available that offer to keep you informed, while infecting your computer or mobile device instead.

Bottom line take the time to scrutinize emails now more than ever. If something seems out of context, take the time to call the sender to confirm the communication is legitimate. Never share personal email via email, especially now.

Terrapin is here for you…

Your Terrapin techs are working and are available to help you confirm whether communications are legitimate. It is always better to be safe than sorry. Be safe!