March 18, 2020
The widespread panic and fear surrounding the novel Coronavirus, or COVID-19 has created a unique opportunity for cybercriminals to deliver phishing attacks and malicious virus attacks to businesses and individuals, alike. Aimed at infecting computers with malware and stealing personal information and money, these attacks are often proving to be successful because of extreme interest and desire for information relating to COVID-19. Two of the main tactics these criminals are using are:
- Creating fake websites that appear to track the spread of COVID-19, however they are not legitimate. These sites are designed to install malware on computers when clicked.
- Spreading malicious malware via infected eMail attachments, embedded web links, advertisement links, or social media post links embedded in the body of an eMail. The malware is designed to install when the eMail attachment is opened or when the link is clicked.
- If you receive an eMail from an unknown sender that has an attachment and/or link, do not open the attachment or click on the link regardless of how compelling it looks. Many cybercriminals are sending eMails that appear to be from the Center for Disease Control (CDC) or the World Health Organization (WHO). It’s best to delete the eMail and go straight to the CDC website (cdc.gov) or the WHO website (www.who.int) for information. Remember, the CDC and the WHO will never reach out to an individual via eMail for donations or funding—even in times of national emergency.
- If you receive an unexpected eMail from a known sender with an attachment and/or link, do not open the attachment or click on the link. Contact the sender and verify if it is a valid eMail.
- Never enter any kind of credentials into a website unless you have taken measures to ensure it is the correct, safe website you are trying to reach.