March 2020: Credit Union Cybersecurity Tip from the OGO CISO Office – Coronavirus phishing emails: How to protect against COVID-19 scams
The plethora of news coverage surrounding the new coronavirus has created a new danger — phishing attacks looking to exploit public fears about the virus. These phishing attacks are on the rise. Pandemics and health scares of this magnitude are a dream for malicious actors.
Ongoing Operations recommends that you share a communication with your members/employees about this danger and provide tips for identifying an email from a bad actor. If you’re a current Ongoing Operations CISO as a Service customer, please reach out to our team for a template.
So, how do these phishing attacks work?
Cybercriminals send emails claiming to be from legitimate organizations with information about the coronavirus. These email messages may ask you to open an attachment to, for example, see the latest statistics on the virus. If you click on the attachment or embedded link, you will most likely download malicious software onto your device. The malicious software could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data (or that of your members).
It is impossible to stop malicious actors from sending these sort of emails, but it is possible to take steps to help protect yourself and your members against coronavirus-related scams.
Example of a Phishing Email
CDC alerts. Cybercriminals have sent phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. Or, it may instruct you to “click here for tips on staying safe”.
Like other types of phishing emails, the email messages usually try to bait you into clicking on a link or providing personal information that can be used to commit fraud or identity theft. Here’s some tips to avoid getting tricked.
- Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information.
- Check the email address or any links in the email. Don’t click. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. If in doubt, delete the email.
- Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” can signal an email is not legitimate. Delete it.
- Keep an eye out for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it immediately.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
- When you need information, go directly to the site. Don’t click links through an email if you are in doubt.
It is a good idea to inform your employees that your normal cyber policy applies. If an employee thinks that he/she clicked on an illegitimate link or phishing email, they should feel comfortable informing your cyber security team right away.
Where can I find legitimate information about the coronavirus?
It’s smart to go directly to reliable sources for information about the coronavirus. That includes government offices and health care agencies. Here are a few of the best places.
- Centers for Disease Control and Prevention. The CDC website includes the most current information about the coronavirus. Here’s a partial list of topics covered.
- World Health Organization. WHO provides a range of information, including how to protect yourself, travel advice, and answers to common questions.
- National Institutes of Health. NIH provides updated information and guidance about the coronavirus. It includes information from other government organizations.
Have any questions on pandemic planning or cyber security threats during pandemics? Want to stay up to date on information from Ongoing Operations? Subscribe to our blog below!
Welcome to the Ongoing Operations blog archive.
For our most up-to-date information, please visit ongoingoperations.com.
HOME