FBI Warns of Email Phishing Attacks in COVID-19 Pandemic
Several of our clients have reported an increasing amount of phishing email messages showing up in their Inboxes and those of others in their organizations. The global efforts to combat the COVID-19 pandemic have understandably diverted much of our attention. Businesses large and small are reeling from the economic impacts. More than ever, we must keep our cyber guards up.
Cybercriminals are always looking for new ways to steal your money, identity and data. Protect yourself and do your research before clicking on links purporting to provide information on the virus, donating to a charity online or through social media, contributing to a crowdfunding campaign, purchasing products online, or giving up your personal information in order to receive money or other benefits. These are just a few of the ways cybercriminals are using to infect computers with malware, steal usernames and passwords, gain access to business information and more. On Friday March 20, 2020, the FBI issued an alert addressing these emerging threats.
According to the FBI alert, phishing emails are being sent daily in record numbers. Be on the look out for phishing emails that ask you to verify your personal information in order to receive an economic stimulus check from the government. While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money. Phishing emails may also claim to be related to:
- Charitable contributions
- General financial relief
- Airline carrier refunds
- Fake cures and vaccines
- Fake testing kits
Also watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize. Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.
Remember, you are the first line of defense against phishing attacks and malware infections. Following these simple steps will limit your chances of biting on a phishing scam or malware infection:
- Don't open messages from unknown senders
- Do not click on any links. By hovering your mouse pointer over the link, you can see the actual link displayed in a pop-up info balloon. If the link address looks unusual or does not match the site it states it’s from, it’s a phishing attempt.
- Call the sender and ask them if they sent you the message. Only follow the link or open the attachment if you can verify its legitimacy with the sender.
- Do not provide personal information to any unsolicited requests for information
- Type in a trusted URL for a company's site into the address bar of your browser to bypass the link in a suspected phishing message
- If you want to donate, visit the fundraising organization’s web site directly, don’t use any links from any other source.
- Only provide personal information on sites that have "https" in the web address or have a lock icon at bottom of the browser
- Immediately delete messages you suspect to be spam
Email phishing messages can be safely deleted. If a message appears suspicious and you would like help determining whether it’s a phishing attack or not, please call our office at (209) 790-4560 option 2, or send us an email at firstname.lastname@example.org.
If you believe you have already responded to an email phishing message, clicked on a suspicious link or opened a suspicious attachment, notify your supervisor and manager, and then call our office at (209) 790-4560 option 2.