The COVID-19 pandemic has created subtle cybersecurity issues for small businesses. Mobile Computer Services, Inc. of Wake Forest provides cybersecurity advice on how to identify and avoid dangerous COVID-19 email phishing scams. The managed IT service providers build an email infrastructure that ensures a business can continue to utilize email as a safe and beneficial business tool.
A headline from The Wall Street Journal reads, “Don’t Click! Coronavirus Text and Phone Scams Are Designed to Trick You. Swindlers are taking advantage of the global health crisis, so watch out for email phishing, robocalls, and “smishing”—text-message scams sent to your phone.”
Billions of robocalls are annoying tens of millions of Americans. Unsuspecting and trusting individuals have shelled out vast sums of money to phone scammers and cybercriminals pretending to be government officials, health-care providers, IRS representatives, and more. As far as the robocalls, lawmakers find it all but impossible to make the calls stop. With the phishing (emails) and smishing (text messaging), commonsense strategies and IT managed email infrastructure security can address the cybersecurity issues.
The Wall Street Journal article begins with an all too common scenario. “A text comes in on your phone. It’s from the IRS, and your economic relief check is ready, pending your acceptance. There’s a form to fill out. All you have to do is click the link.”
With this introduction, author Nicole Nguyen brilliantly sets the stage for a straightforward solution that works every time. She writes, “If you don’t have time to read this whole column, please—for the love of sweatpants—just read this: Don’t Click The Link.”
The solution is not magical, nor is it an industry trade secret. Success at thwarting scammers does require some basic commonsense, self-discipline, and understanding of how to recognize fishy emails phishing for personal information.
News coverage in the dominant media culture surrounding COVID-19 has fostered phishing attacks seeking to exploit fears in the general population about the highly contagious and sometimes fatal virus.
How does the phishing scam work? Cybercriminals send bogus emails claiming to originate from legitimate organizations with vital data regarding COVID-19.
The email might direct the recipient to open a file attachment to read the latest statistics. Clicking on the file or embedded link may download malicious software onto the recipient’s device. The malicious software or malware enables cyber scammers to gain access to a computer, record keystrokes, or harvest personal information and financial data. Identity theft could be one of the painful consequences of this scam.
COVID-19 has impacted millions of lives worldwide. The long-term impact is impossible to predict. Effective steps are available to protect against COVID-related scams and mitigate the risk.
Spotting a coronavirus phishing email
Coronavirus-themed phishing emails appear in various forms, including the ones listed below.
- CDC alerts
Cybercriminals are creating emails that appear to originate from the U.S. Centers for Disease Control. The email may claim to link to a list of local coronavirus cases. The recipient is urged to immediately read the cases and glean safety hazards to avoid. Warning: Avoid clicking on the links! Granted, the emails may look official. Stay safe. Visit the CDC website directly for COVID-19 information.
- Emails giving advice on health issues
In these emails, scammers send offers of medical advice to help guard against COVID-19. The emails may purport to come from medical experts in Wuhan, China, the COVID-19 epicenter. The advice promises, “This little measure can save you!” Another scam strategy is “Use the link below to download Safety Measures.” Here is a simple, flawless cybersecurity safety measure: do not click on the link.
- Workplace policy emails
This form of phishing scam deserves extra attention. Employees’ workplace email accounts are information-rich targets for cybercriminals. A sophisticated phishing email might open with the casual greeting, “All, Due to the pandemic outbreak of COVID-19, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” Clicking on the fake company policy will download malicious software onto the device. The eventual legal and financial impact could destroy the company.
How to avoid scammers and phony ads
Scammers post ads claiming to offer COVID-19 remedies and use language that creates a sense of urgency. “Buy now, limited supply” is a prime example.
Responding to the ads could have several negative consequences.
- Malware could be downloaded onto the device when a malicious link is clicked.
- The product is purchased but turns out to be worthless.
- Personal information such as name, address, and credit card number has been shared with a stranger who may use the information for identity theft or sell or trade the information to another cybercriminal who may use the information to cause mayhem in some person’s life.
A simple solution is to avoid any ads seeking to capitalize on the COVID-19 pandemic.
Tips to spot and avoid phishing emails
Follow these tips to spot and avoid pandemic-themed phishing emails.
- Be very cautious of online requests for personal information.
A pandemic-themed email requesting personal information such as a Social Security number or login information is a phishing scam. Legitimate government agencies do not request information of such a personal nature. Do not provide personal data to such an email.
- Verify the link or email address.
Hover the mouse button over the URL to inspect where the link leads. Sometimes, the website address is obviously fake. Scammers have become more sophisticated and will create links closely resembling a valid address. Take action if the ad is a scam and delete the email.
- Keep an eye out for spelling and grammatical mistakes.
As mentioned above, phishers have perfected their messaging either by hard work or through artificial intelligence and grammar tools.
- A generic greeting is a giveaway.
Phishing emails are unlikely to use the target’s name. Greetings like “Dear sir or madam” signal an email is not legitimate.
- Avoid pushy emails insisting on fast action and little research.
The heightened sense of urgency or demand for instant action is to drive readers to respond in fear and click on a link to provide personal information. The simple, failsafe solution is to delete the message right now!
To learn more about IT managed solutions and email cybersecurity, visit the Mobile Computer Services, Inc. of Wake Forest website at www.ncmobilecomputerservices.com/locations/wake-forest. Contact the office by phone at (919) 230-2900.