With so many of us working from home, scammers are trying harder to obtain our personal information and install malware on our devices using fraudulent phishing emails and smishing attacks (phishing using text messages). You can avoid many of these attempts by following the precautions listed below.

  • Do not click on links in emails that you were not expecting. Verify that someone you know sent the email or, instead of clicking on the unexpected link, open your browser and type in the official URL of the website you wish to visit. Remember that email addresses can be spoofed. Even if the email appears to be from a familiar organization, it could be a phishing attempt.
  • Do not log into an account from an email you were not expecting. When an email asks you to log into an account or online service, log into your account through your browser, not through the link in the email. That way, you can ensure you are logging into the real website and not a phony look-alike.
  • Never download an attachment from an email that you were not expecting. Remember, even if the sender appears to be a legitimate organization, the email address could be spoofed. You could be downloading their malware unintentionally. Sometimes the email may accuse you of ignoring regulations or claim that you have to pay a fine. Don’t give in to this tactic. Don’t let criminals toy with your emotions. Think before you click. When in doubt, reach out to the sender by phone to confirm the legitimacy of the email before clicking.
  • If an email directs you to install or update an application, do not click on the link in the email. Instead, go directly to the official website through your browser. This ensures you are accessing the real page and keeping your credentials safe. When using a work device, reach out to your IT department before installing any software. They can check that the application is legitimate and safe.
  • Stay informed during this confusing time. Follow local news, government websites, and other trusted sources.

Here are examples of COVID-19 fraud that have taken place recently.

  • Some phishing emails and smishing attacks (phishing using text messages) claim that you have been in contact with someone diagnosed with COVID-19. The message insists that you get tested and it includes a link that supposedly leads to a website where you can sign up for more information. The truth is, the link takes you to a malicious website that is designed to steal any information you enter.
  • Cybercriminals are using smishing to pose as a government agency. The text message says you have been seen leaving your home multiple times and as a result you are being fined. They urge you to click on their official-looking link to pay this “fine” online. If you click the link, you will be taken to a payment page where you give your credit card details. Smishing can be even more convincing than email phishing because criminals know how to spoof their phone number so that the message appears to come from an official source.
  • Some scammers have crafted a well-written phishing email that appears to come from the VP of Operations in your organization. The message claims that your organization has a plan for reopening, and it instructs you to click on a link to see this plan. Clicking the link opens what appears to be a login page for Office365, but don’t be fooled. If you enter your username and password on this page, you will actually send your sensitive credentials directly to the criminals.
  • An email appears to be from the Coronavirus Research Center of Johns Hopkins University and includes an Excel attachment that is disguised as an updated list of Coronavirus-related deaths. However, the file actually contains a hidden piece of malware. If you open the infected Excel file and click “Enable Content” when prompted, a program called NetSupport Manager will be installed automatically onto your computer. This program is a tool that allows someone access to your computer and your personal information remotely.
  • Fraudulent emails can ask for charity donations for studies, doctors, or victims that have been affected by COVID-19. Scammers often create fake charity emails after global events occur, such as natural disasters or health scares like COVID-19.
  • Some scammers spoof supermarkets that offer delivery services in order to obtain your personal information. They send you a phishing email that urges you to log in to your supermarket’s website using the link provided. Clicking the link takes you to a fake login page for your local supermarket.
  • A phishing email has links to download the latest version of Zoom. When clicked, the link takes you to a third-party website (not the official Zoom site) to download an installer. If you download and run the file, the program truly does install Zoom. The trick is that the installer also places a remote access trojan (RAT) onto your computer. This RAT gives cybercriminals the ability to observe what you do on your device. This includes saving what you type, recording video calls, and taking screenshots, all of which can be used to steal your sensitive information.

The team at YHB Investment Advisors hopes you find this information helpful and that you keep your personal data secure. Information courtesy of KnowBe4.com.