Cybercriminals are already taking advantage of people’s pandemic fears and concerns to implement new phishing campaigns. Don’t let them succeed.
Hackers are hoping that crisis-related distractions and eagerness for new COVID-19 information will cause workers to lower their guards and open phishing emails and links. Add to the fact that many employees are working from home and/or using new or unfamiliar devices; and trouble is just a click away. Fortunately, you can help stop these hackers in their tracks.
Encourage your employees to be on guard for:
- Emails supposedly from the organizational IT team. These may direct recipients to phony login pages to access work networks or accounts.
- Emails purported to be from a government agency or authority promising urgent COVID-19 news. These emails may direct recipients to click on links or ask for money or Bitcom to help fund a coronavirus vaccine.
- Messages claiming to be from charitable organizations seeking donations. For instance, they may ask for funding to rescue stranded travelers or to purchase masks for healthcare workers.
- Some other phishing emails include malicious attachments offering “tips” for protecting yourself from COVID-19 or maps of the outbreak. However, these actually contain malware.
Employees need to watch for red flags including:
- Subject lines and messages that play on fears and urgency and use threatening, alarming language instead of a calm, credible voice.
- Requests for credentials, personal data, or financial information. Ask workers to consider: Why would a credible public-health source direct you to a website that requires your credit card number?
- Unfamiliar greetings such as “Sir/Madam” or a nickname that wouldn’t normally be used in a business email.
- “Sketchy” email addresses. Check the URL. If a message purports to be from your IT guy, your credit card company, or the Red Cross but the email is firstname.lastname@example.org, the message is spam or worse.
- Spelling or grammar errors or words or language that the supposed sender would never use. No one is perfect, and everyone makes mistakes; but stilted language and poor grammar are a sign that something is “phishy.”
Talk with your IT team and trusted software vendors about ways you can help protect your employees and your company from cyberattacks during these challenging times. You not only will help save time and trouble, but you also will help take one worry off of everyone’s already full plate.