Some phishing campaigns prey on would-be victims’ fear. Others seek to capitalize on the opportunity created by hot topics in the news cycle. COVID-19 has presented cybercriminals with a way to combine both into a dangerous one-two punch.
MILAN, ITALY - MARCH 08: Passengers, wearing a face masks, arrive at Milan's Central Station on ... [+]
You’re no doubt well aware of the potential health risk associated with COVID-19. The Department of Homeland Security wants to make sure you minimize your cyber risk, too.
The Department has shared a list of tips from the Cybersecurity and Infrastructure Security Agency (CISA). Follow them, and you should be able to avoid these brazen attempts to steal your credentials or pry away your hard-earned cash.
Use Trusted Sources
This seems simple enough, right? The truth is it’s not so easy these days. Not when anyone can quickly cobble together a legitimate-looking news site, pay for promoted posts on Facebook, and convince Twitter to verify accounts.
Stick to well-known sites with solid reputations and a track record of publishing verifiable facts. For COVID-19 news, the Centers for Disease Control and Prevention is a good place to start.
Avoid Clicking On Links In Unsolicited Emails, IMs, or Texts
Did you receive a message from a sender you don’t immediately recognize? Scrutinize everything in the message. If it’s an email, compare the sender’s name to the email address (for texts, look at the phone number). Look for spelling errors and odd sentence structure, and definitely don’t click any links you see if you find any part of the message suspicious.
You can always double-check the safety of a link by copying it and pasting into a web-based tool like VirusTotal or Sucuri’s SiteCheck.
New email online message communication mobile phone
Avoid Opening Attachments In Unsolicited Emails
Email attachments should be handled with even more care because a careless double-click can silently give cybercriminals complete control of your system. Scan attachments using whatever antivirus app you have installed on your system or submit it to VirusTotal for analysis.
You can relax the rules slightly for senders you recognize, but never let your guard down completely. It’s always possible someone you know has been compromised by malware and is unwittingly attacking you via your inbox.
Do Not Reveal Personal Or Financial Information In Email, IMs, or Texts
This is absolutely imperative for organizations, but individuals should follow this advice, too. No one who legitimately needs to verify your birth date or social security number will do it via email, IM, or text message. No one who needs a copy of your birth certificate or passport should ask you to email it, attach it to an IM, or send it via MMS.
And while it’s perfectly fine to discuss business deals in email threads you should never, ever provide account information in a message. Make a quick phone call or meet in person (or videoconference) instead.
Image:
Verify A Charity’s Authenticity Before Making Donations
Don’t think for a second that cybercriminals are above impersonating a charitable organization to line their pockets. Whether they’re after credentials or money, official-looking websites or emails that tug on would-be victims’ heartstrings can be very effective.
The FTC has an entire webpage with tips on how to make sure you’re not being misled by scammers.
Though CISA offered these tips to protect the public from scams preying on Coronavirus Disease 2019 fears, they’re worth applying all the time. Cyber attackers never stop, they just change their tactics.
