3 Tips To Avoid COVID-19 Phishing Attacks

Business leaders must increase cybersecurity as hackers deploy COVID-19 phishing scams. Emails target remote workers as a backdoor into company networks.  

How To Protect Business Networks From COVID-19 Phishing Schemes

Business leaders must increase cybersecurity as hackers deploy COVID-19 phishing scams. Emails target remote workers as a backdoor into company networks.  

The COVID-19 pandemic rendered offices and community spaces relatively unsafe. Now cybercriminals have increased their schemes to steal personal identity information and target remote workforces to breach business networks. Email phishing schemes appear to be the primary modus operandi of digital bad actors.

“Many of the emails, which often appear to be sent by WHO or the Centers for Disease Control and Prevention, pretend to offer new information about the virus,” according to Consumer Reports. “Some hint at the availability of a vaccine, and others claim to be from charitable organizations looking to raise money for victims.”

Although digital scam artists have used phishing emails ad nauseam, the latest wave of COVID-19 schemes reflects a new low for bad actors. Hackers are keenly aware that a greater number of people are working from home and are struggling with fear and anxiety. That combination makes individuals and business networks increasingly vulnerable.

“Like a good movie, scams get your attention by telling a convincing story,” says Consumer Reports’ advocacy division program director Chuck Bell reportedly said. “Con artists love to take advantage of new health scares, to cash in on the public’s fear and anxiety.”

But remote workforces do not necessarily result in cybersecurity gaps. Many business leaders are engaging third-party managed IT cybersecurity specialists to bring work-from-home personnel up to speed about COVID-19 and other emerging threats. These are three tips that can help valued employees identity COVID-19 phishing scams and avoid a business network breach.

1: Phishing Scams Explained

Hackers have a wide range of nefarious tools at their disposal. Phishing scams are ways to cast a wide net and breach a maximum number of devices and systems. These bulk email blasts are often masked to appear as if they came from a legitimate source. Recently, digital scam artists are pretending to provide information from health organizations, government entities, and offer critical health information, as well as products.

Once someone opens the email or clicks on an enticing link, malicious software downloads into your device. From there, hackers can seize control of personal, sensitive, financial, and business data. Many times, ransomware encrypts entire networks, and hackers hold businesses hostage, demanding a Bitcoin payout to sell back control of the files.

2: False COVID-19 Promises Trending in Phishing Emails

Understanding the modus operandi provides a framework for recognizing phishing scams. But the other side of the scam coin involves manipulating human emotions. Hackers are well aware that everyday people are experiencing a heightened sense of vulnerability. That’s precisely how they are hooking victims. These are COVID-19 content scams used in new phishing schemes.

  • CDC & WHO Reports: Digital con artists are offering phony information about testing kits, vaccines, and lists of infected people in your area, among others. These large health agencies are unlikely to send you a direct personal email. Consider any such communication fraudulent.
  • COVID-19 Products: The list of fake products has grown substantially since the outbreak began. Everyday people can anticipate tantalizing email content that involves cures, lists, immunity boosters, overnight test kits, protective wear, HVAC cleansing, and many others. A high probability exists that they are scams.
  • News Alerts: Some hackers have refined their schemes to emulate local media resources. They often offer crucial localized reports and safety steps if you click on a link. Don’t do it.
  • Personalized Emails: Cybercriminals find gathering bulk email lists from online platforms relatively easy. Many professionals have their contact info on platforms such as LinkedIn and others. Sophisticated bad actors may go as far as to personalize a message that you or a loved one tested positive, someone has been rushed to the hospital or other content that requires an urgent response. Sophisticated cybercriminals may specifically target professionals in an attempt to leverage your remote connectivity to a company network.

3: How To Avoid Getting Scammed

Although phishing scams have become more targeted over the years, there are telltale signs. Consider the following well-known errors hackers make that give them away.

  • Misspelled Words
  • Grammatical Errors
  • Generic Greetings
  • Ambiguous or Suspicion Email Origins

If you see any of these red flags, promptly delete the email. Deterring hackers also requires increased vigilance about verifying unusual emails — even work communication — through text message or phone calls. Visit only authoritative resources such as the CDC and confirmed government websites for the latest information. Increase cybersecurity device protections, firewalls, and backup critical data daily to the Cloud or external hard drive. And, never engage with a coronavirus-themed email.

Greg LaScala