We’ve heard the infamous quote, “Never let a crisis go to waste.”
Cybercriminals are now using fears over the coronavirus outbreak to prey on people by tricking them into clicking on phishing emails or text messages to deliver malware [TechRepublic, FoxBusiness]. It’s another evolution of malicious tactics used to trick targets into sharing personal, financial and business information. For example, a smishing message through a text or SMS phishing message may say: “First coronavirus detection in the Back Bay. Click here for updates.”
According to Security Magazine, the World Health Organization (WHO) is reporting a spike in cybercriminals disguising themselves as WHO to install malware or steal sensitive information. They are asking users to provide usernames or passwords, to click on a fraudulent link, or open a malicious attachment.
The article highlights six tips from WHO to help prevent a successful phishing attack:
- Verify the sender by checking their email address. Make sure the sender has an email address such as ‘firstname.lastname@example.org’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO. WHO does not send email from addresses ending in ‘@who.com,’ ‘@who.org’ or ‘@who-safety.org’ for example.
- Check the link before you click. Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
- Be careful when providing personal information. Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username and password to access public information.
- Do not rush or feel under pressure. Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic. If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
- If you see a scam, report it. If you see a scam, tell WHO about it.
Make cybersecurity a top priority in your organization. Download our free Managed Security mini-booklet to learn more about protecting your organization. Or contact us to discuss options.
Mike Penn joined Magna5 as Senior Content Developer. His role is to bring to life stories that inspire or inject clarity in how managed services and emerging trends can be applied to help organizations operate better and more efficiently.