It is an unfortunate fact that evildoers love times of crisis. It is natural that when we feel threatened in any way we tend to act hastily. This is part of our natural fight or flight response, and historically it's served us well, helping us make fast decisions that quickly remove us from danger. Cybercriminals play on this natural instinct of ours, knowing that people are more inclined to haphazardly click on links and attachments during these "uncertain times."
What to look out for
Online attacks can happen over a web page or an email. Many of these scams can be pretty easy to spot, while others are more challenging to avoid.
The most common way to trick employees remains email. Many of these scams look like they're from a legitimate source, but obviously they're not. For example, an email may claim to be from your IT department indicating that due to the “heightened security” from working-from-home it is necessary to change your password. Attackers have a host of different methods to make a fake email address look like it's from someone you know, faking the from address to make it look like it is legitimate. As such, if you are unsure, don't use the reply address in any incoming email message unless you are sure who the sender is. Also, don't click on links in the questionable email or open any attachments. Instead, open a brand new email message and email your colleague directly. Better yet, phone them and find out if the message is legitimate.
Although we are at the most risk with email, threats continue to pop up on the Internet as well related to COVID-19. The sense of urgency created by COVID-19 and the (false) promise of useful information is a potent combo to make us circumvent our best judgment. When visiting a webpage, pay close attention to the page's URL. Often attackers will create a URL that looks similar to that of an official site (e.g., the login screen of your email application). Before you enter any personal information on a webpage, check the URL to make sure it is legitimate and starts with https and is preceded by a locked padlock icon. The U.S. Department of Health and Human Services Office has indicated that scammers are using the crisis in a myriad of ways to steal your information, and in some cases your money.
COVID-19 Fraud Alert
Other types of online scams can trick you into downloading malware or unwanted software that may harm your device or steal your personal information. For instance, Norton is warning of nefarious health advice emails alluring would-be victims with useful information on "safety measures." If you download the file from these scams, your computer will likely be compromised. If you would like to learn more about the ways criminals are taking advantage of people, you may find this comprehensive COVID scam guide from CallerSmart helpful as well.
Your best defense to avoiding these risks is hyper-vigilance. During this crisis, avoid clicking links and downloading files from unknown sources. If there is any doubt at all, make sure to check-in with the original sender and verify the validity of the email. Lastly, always make sure you have your antivirus software up-to-date.
Written by: Michael Rucker PhD. | Chief Digital Officer | Active Wellness