How to Avoid Falling for COVID Email Scams

There have been several legacies of the pandemic, including mask wearing and employees working remotely. One that’s particularly dangerous has been a new slew of coronavirus-themed email scams.

During March of 2020, COVID-related spear phishing attacks increased 667%. The alarming level of phishing scams also caused the U.S. Secret Service to issue a warning. 

The Secret Service warned about phishing emails that pose as messages from legitimate medical organizations. One scam sends emails that use the logos of well-known entities like WHO or the CDC and offer supposedly pertinent information about the coronavirus outbreak via an attachment or link.

If the unsuspecting victim opens the link or the attachment, it can infect their computer with spyware or ransomware, or present a credential-stealing form.

These scams are directed both at individuals and companies, using ploys such as: 

·      Offering a map of “outbreaks in your area”

·      Asking employees to read a “new company policy” related to coronavirus

·      Directing employees to enter their email address and password to “confirm your account so it’s not deleted” due to new COVID security 

·      Offering sale of masks and other protective equipment

·      Directing the recipient to “coronavirus testing locations”

·      Offering fake vaccines or cures

·      Emails posing as contact tracers for COVID-19

It’s important to know what to watch out for and to put safeguards in place through IT security strategies targeted against phishing emails.

Tips for Identifying Coronavirus Phishing Emails 

There is no lack of email phishing scams to look out for, and the same best practices apply to identifying any type of phishing email. However, the COVID email scams are on another level because people want to know everything that they can to stay safe.

Here are some ways to ensure you don’t fall victim to the coronavirus-related phishing attacks that are prevalent. 

Don’t Trust the “From” Address

One of the common ploys used by phishing scammers is to use a legitimate company email address in the “From” line of an email.

The recipient will look at who sent the email and see that the email address looks legitimate and trust the message, clicking a malicious link or downloading a malware file.

Email spoofing is the official name of this tactic, and if your mail server doesn’t have email authentication in place, people can easily be fooled.

One way to confirm the actual sender’s email address is to view the header or source code of the message to look for the routing information.
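
The header check described above can be scripted. This is an added example, not part of the original article: it reads a constructed sample message (all domains are placeholders) and lists the reasons the visible “From” address should not be taken at face value.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.7])
 by mx.recipient.example with ESMTP; Mon, 30 Mar 2020 09:12:01 -0400
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=health-agency.example
From: "Health Agency Alerts" <alerts@health-agency.example>
Reply-To: covid-desk@freemail.example
Subject: Outbreaks in your area
To: user@recipient.example

See the attached map.
"""

def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List reasons the visible From address should not be trusted."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    # The envelope sender (Return-Path) is what the sending server really used.
    env_dom = domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope sender {env_dom} differs from From {from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"replies go to {reply_dom}, not {from_dom}")
    # Verdicts recorded by the receiving server's email authentication checks.
    results = " ".join(msg.get_all("Authentication-Results", []))
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results))
    for check in ("spf", "dkim", "dmarc"):
        verdict = verdicts.get(check, "missing")
        if verdict != "pass":
            findings.append(f"{check} result is {verdict}")
    return findings
```

A differing envelope sender is common with legitimate bulk-mail services, so treat each finding as a prompt to look closer; only trust an Authentication-Results header added by your own receiving mail server.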

Hover, Without Clicking Links

Scammers will often use hyperlinks on buttons and text that hide the true website to which they direct the victim. The link might say “View Map” but take you to a nonsensical web address that has nothing to do with coronavirus or the promised information.

You can view the real URL of a link by hovering over it with your cursor rather than clicking on it. This is a quick way to reveal an email message as a scam.

Beware of Any Contact Tracing Email with a Link or Attachment

One of the newer ploys is a scam where the email states that the person has been in contact with someone who has tested positive for coronavirus. It then directs them to fill out a form asking for personal information (like their SSN).

The Federal Trade Commission warns that a real contact tracer will only email stating they will be calling. They will not send file attachments or links. And they will only ask for things like:

·      Your name & address

·      Health information

·      Names of places or people you’ve been in contact with

They won’t ask for credit card information, your SSN, your bank details or any other personal information. 

Look for Anything “Off” (Grammar, Misspellings, etc.)

Scammers have become increasingly sophisticated, so it’s more difficult to tell a real message from a fake. However, some are novices or are emailing from other countries and don’t use perfect translation software. So, sometimes you can still spot a phishing email by things like:

·      Misspelled words

·      Poor English or grammar

·      Grainy or blurred images

·      Incorrect information (such as using Denver, FL instead of Denver, CO) 

Don’t Get Taken In by Emotion or Urgency Tactics

Phishing scammers often deploy tactics to get users to act immediately and will play on emotions such as fear.

For example, one COVID-19 related scam purports to be from a firm’s HR department and instructs employees to read a new HR policy on infectious diseases “by X date.” It further states that it’s mandatory that this be done.

The need to click the link and read the attachment by a certain date is a big red flag that it’s a scam email.

If an email from an unknown sender makes you feel you have to act out of fear, urgency, or a sense that you’ll miss out on something, don’t react; instead, assume that it is most likely a phishing email.

Learn How to Keep Phishing Emails Out of Your Inboxes

Email filtering and anti-phishing are both strategies that can help you reduce the risk of employees falling for a phishing scam. BrainStomp can help you put those protocols in place to keep inboxes scam-free.

Contact us today to schedule a consultation! Call 260-918-3548 or reach out online.