Pierluigi Paganini April 21, 2020

The increasing number of news articles circulating on the internet in the wake of COVID-19 has resulted in the rise of Phishing attacks which feed on people’s fears.

Phishing emails have been driven up to 600% since the end of February as cybercriminals capitalize on people’s fears. COVID-19 phishing emails have been said to make up an approximate of 15% of all spam mails to offices during the last week of March.

In fact, in USA phishing emails make up about half of the total spam mails. According to Mimecast Threat Intelligence data in the UK, Unsafe clicks peaked above 160,000 which is far more than the approximate 100,000 unsafe clicks in the US.

How Phishing Attack Works?

Till intentions of certain cybercriminals who are sending emails with malicious software that downloads on your device, disguised as attachments with the latest statistics regarding the pandemic are the primary mechanism for how phishing attacks are being executed in the current conditions.  

Mimecast has seen a 234$% increase in the COVID-19 related web domains and sub-domains registration in the last week of March to the end of March, about 60,000 sites out of the entirety have been legitimized whereas the rest are not. “These are all the same old attacks-nothing actual new. It’s just a different lure,” noted Steven Sarkisian, Mimecast’s Global Manager-Messaging Security.

How to know which coronavirus email is “phishing email”?

Coronavirus emails come in multiple forms. They can take the form of emails from the US Centers for Disease Control and make false claims as CDC warns. The email can claim to be a report of the COVID-19 cases in your area as well. They can take the form of Health advice emails claiming to be from medical experts near Wuhan, China.

6 Tips for recognizing and avoiding phishing emails

However, you can defend against the scams by taking certain protective measures that are listed below:

1. Do not give your personal information: A common theme for most coronavirus phishing emails seems to be the inquiry for personal information such as Social Security Number or login information. Authentic emails from verified sources would not require this.
2. Grammar and language used in the emails: These emails are usually not properly punctuated and have grammatical errors; this is a clear indicator that they are a hoax.
3. Persuasion for Instant Action: Males from authentic sources would not create a necessary sense of urgency and would usually not probe one to take drastic actions.
4. Email Address: At times, most often it is clear that the male sent is one that is not from a legitimate source by looking at the email address it is sent from, which one can inquire while hovering the mouse over the URL source.
5. Avoid Generic Greetings: Phishing emails usually refer to the receiver with a generic greeting like ‘Sir/Madam”, unlike those from official sources, therefore such mails should be avoided.
6. Use a VPN: You should use a cheap VPN to deceive hackers as they will not be able to trace your email address. By doing so, you will not receive any phishing emails.

Trusted Resources for Collecting Information about COVID-19

There are several official and legitimate sources where one can refer to instead of following such scams via emails. These sources can include referring to the CDC website which covers all things essential related to the virus such as:

• Symptoms
• Steps to take once a person contracts the virus
• Measures for Prevention
• Number of cases reported
• Steps for social distancing
• Information from the local offices

World Health Organization (WHO) provides a plethora of information that includes the measures for protection, travel guidance and queries to common questions even.

National Institute of Health (NIH) websites is also a reliable source for global updates on the pandemic, it includes information from international and national government organizations as well.  It includes all the necessary guidance regarding the virus.

Google.com has also set up a search alert with the keywords “COVID-19” or “Coronavirus”. One can get the latest updates regarding the pandemic by the use of the above keywords.

Conclusion

Unfortunately, even in these trying times, you will find cybercriminals planning to capitalize on people’s fears.

“This is a new low for cybercriminals who are acting like piranha fish, cowardly attacking people on mass when they are at their most venerable,” said the MP Dean Russell, member of the Health and Social care committee. “It’s vital that the public remains vigilant against the scam emails during this challenging time”.

It is upsetting that the computer users are now exposed more than ever to phishing scams and cybercriminals are willing to go to the mile even in special circumstances such as this.

However, by taking the necessary measures mentioned above and spreading awareness regarding this, these attacks can be prevented to a great degree.

About the author Rohail Abrahani

Rohail Abrahani is a Cybersecurity Researcher and Analyst with 5 years of experience. He likes to write on topics related to Internet Privacy, Artificial Intelligence, and Emerging Technologies.

Twitter Handle: https://twitter.com/rohailabrahani

Pierluigi Paganini

(SecurityAffairs – COVID19, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]