Beware of these COVID-19-themed phishing scams

Beware of these COVID-19-themed phishing scams
As if a health pandemic is not causing enough chaos for small- and medium-sized businesses (SMBs) in New York to deal with, phishers are also taking advantage of weak IT security and poor cybersecurity habits to unleash different kinds of COVID-19-themed scams. Especially now that the economy is suffering due to the viral outbreak, you can’t afford to fall prey to phishing scams that steal your data and money. Beware of the following: phishing scams to avoid covid-19 infographic

COVID-19 vaccine investment scams

This scam claims that a treatment of COVID-19 is underway, and urges the recipient to invest in the company that’s supposedly developing and marketing the vaccine. According to some “research experts,” it’s better to invest now than when the top-secret medicine is revealed to the public, because stocks will definitely skyrocket then. “This is a smart investment,” they maintain. It’s not. It’s a classic pump-and-dump scheme, which boosts the price of a stock based on misleading or exaggerated data. When victims fall for the bait and start investing, the stocks, price, and volume for the affiliated company will suddenly rise (the pump). The fraudsters will then sell their shares at a profit, leaving victims with the useless stocks (the dump).

Merchandise-related scams

At a time when test kits and face masks have become limited due to rising global demands, cybercriminals impersonating the Red Cross are sending emails that offer these much-needed merchandise. You don’t even need to send payment right away; you just have to fill out a form that gives away all the information opportunists need to steal your identity. In some cases that phishers do ask for payment in exchange for the merchandise, the link in the email leads to a site that captures payment information, allowing criminals to freely access the money in the victim’s bank account.

Fake donation solicitations

In an announcement, the World Health Organization (WHO) warned about criminals pretending to be representatives of the organization in emails or WhatsApp messages. These fraudsters are using WHO’s name to get victims to click on malicious links or open attachments that would enable them to steal money or gain sensitive information. Pretending to be an established organization isn’t a new phishing tactic, but coupled with a pandemic, it can make otherwise vigilant users act rashly. After all, it's quite compelling to support legitimate institutions seeking urgent monetary donations for COVID-19 frontliners. The emails and messages usually include a link to a fake site that will allow cybercriminals to withdraw the generous donation directly from the victim’s bank account.

Fake COVID-19 newsletters

Anxiety stemming from uncertainty is high these days, and one way to lessen that is by acquiring as much information as you can about the novel coronavirus. Phishers are capitalizing on this behavior by sending out offers to compile COVID-19-related news and deliver them to your inbox in one convenient newsletter. All you have to do is sign up by clicking on a link that, unsurprisingly, installs malicious software on your device or takes you to a malware-ridden site.

How to avoid coronavirus scams

Cybercriminals ride on sensational topics, and as the coronavirus has become a concern to citizens worldwide, phishing scams mentioning the illness has spiked. Protect yourself from opportunists and follow these tips:

Start Fighting Cyber Crime with KNOWLEDGE & ACTION!

Download our free eBook for useful tips you can use and share to your employees to protect your business from cyber crimes, data breaches and hacker attacks. Enter your details on the form on the side Share this with your employees and protect your business.

  • This field is for validation purposes and should be left unchanged.

  • Be skeptical – Phishers rely on human error to succeed. This is why you should always question unsolicited offers, especially those that sound too good to be true. Before investing in stocks, for instance, verify the credibility and authenticity of the company and the stockbroker. Always take everything with a grain of salt.
  • Look out for red flags – Phishing scams have been around for a while, and they all share similar characteristics that give them away, such as:
    • Phishing emails require you to share personal information like your Social Security number or payment details. No legitimate agency will request for such sensitive information via email.
    • They create a sense of urgency to push you to act then and there. Some threaten that you’ll be locked out of your account if you don’t update your information, and some lure people into signing up by giving deadlines on “exclusive deals.’” Be suspicious if you’re being asked to do something immediately.
    • Established institutions like the WHO and the Red Cross always edit and proofread their communications, so if you spot a lot of misspellings and grammatical errors in an email, it’s probably fake.
  • Employ anti-phishing measures – Some anti-phishing software sniff out emails that contain potentially harmful links and block them from even entering a company's email systems. Meanwhile, other anti-phishing protection tools can block users from clicking on links and attachments sent by unsafe websites or individuals.
Phishing scams are just one of the many threats that can bring your practice down. In these trying times, you need all the protection you can get. Healthy IT can provide your company with multilayered enterprise-grade technology services that not only mitigate threats, but also eliminate risks and streamline productivity. Get in touch with us.