Molecular image of the 2019 coronavirus

Phishing Alert – Further warnings issued surrounding coronavirus scam emails

Many of the world’s government agenecies and securtiy organisations have released warnings regarding phishing emails disguised as coronavirus (COVID-19) information.

Following on from our previous post regarding coronavirus scams, we’d like to warn all our readers to remain extremely vigilant in these uncertain times.

Of particular concern is an email campaign targeting healthcare organisations, with the subject “ALL STAFF: CORONA VIRUS AWARENESS”(pictured below)

The email asks recipients to register for a seminar via clicking a link. If they do, they are taken to a fake OWA page which harvests their Office credentials.

The above example is seeing marked success despite its poor grammar and unconvincing appearance.

The problem is panic. When users panic, they act before they think. This is costing the world millions in fraud and can be avoided. At the time of writing, coronavirus phishing emails have cost victims in the UK over £800,000 since February.

These numbers must change, healthcare departments are working around the clock to deal with the crisis and it is vital we all do what we can to reduce the strain, both physical and psychological, on our fellow colleagues.

Before clicking on a link or opening a file attached to any email, especially those claiming to be about the coronavirus outbreak, think of these 3 basic rules:

  1. Is it from the right person?
    • Hackers often use email addresses which look similar to official organisations, such as global health authorities. If in any doubt, check the official site first to see if it a legitimate address.
  2. Is it relevant to you?
    • Take a moment to think if the email is pertinent to your job role, for instance, if you’ve been asked to work from home it is unlikely that an email asking you (and all other staff) to come into the office for a meeting is legitimate. If in doubt, call the sender of the email via a number you already have for them.
  3. Does it require interaction?
    • If the email asks you to click a link or download a file, check the URL in the email is going to the relevant official website. If the URL goes anywhere but the official site, avoid clicking it.

At Phishing Tackle, we understand that a user’s susceptibility to clicking a phishing email (their Click-Prone® Score) is likely to increase as pressure and stress builds. This in mind, please, think before reacting to an email.

Take a moment to go through the steps above. It may add 20 seconds to your response time, but it could also prevent a dangerous ransomware infection, data breach or other malware attack which in this dangerous time could be devastating.

Recent posts