BackHow to spot Covid-19 related phishing email scams
Total number of coronavirus-related email attacks in February was 1,188, a jump from 137 in JanuaryEmails offering medicines or cures for Covid-19 need to be strictly avoided as there is no vaccine available for it yet
PremiumNEW DELHI: Between March 1 and March 23, Barracuda Networks’ AI solution Barracuda Sentinel detected 467,825 spear phishing email attacks, worldwide.
Around 9,116 of them were related to Covid-19, accounting for 2% of the attacks. The total number of coronavirus-related email attacks in February was 1,188, a jump from 137 in January.
The global surge in Covid-19 cases has led to a mad scramble for information about the disease. Cybercriminals have been trying to take advantage of this spike in public interest by targeting individuals with emails giving out new information on the disease, deals on safety equipment and seeking donations.
These harmless looking emails would seem convincing at first. But clicking on a link or file attachments they may be carrying can expose individuals to all sorts of cyber risks.
Here are some tricks to identify Covid-19 related phishing emails.
Emails from fake organisations
One of the email scams caught by the Barracuda Networks was sent in the name of an organisation called World Health Community, which actually doesn’t exist. Users getting such emails need to verify the names of the organisations form which the email has been sent. A simple online search with a verifiable website can reveal that.
Misspelled domain names
To sound even more convincing, many of the phishing emails use actual names with genuine logos of trusted organisations. Proof Point came across several emails carrying logos and names of WHO. Similarly, Kaspersky found emails sent in the name of Centre for Disease Control and Prevention, using convincing domain, cdc-gov.org, whereas the actual CDC domain is cdc.gov. In cases like these where the sender actually exists, users need to look carefully at elements like domain names of the organisation. Kasperksy suggests, if users hover over the link without clicking on it, they can see that the real address it leads to is different than the link description. It won’t really take them to cdc.gov.
Look for discrepancies
In many phishing emails there are bound to be some discrepancies. In one instance, an email sent in the name of WHO was asking individuals to make donations in cryptocurrencies such as Bitcoins. In reality WHO doesn’t take donations in Bitcoin. Similarly, an email spotted by Check Point was signed off by a doctor from WHO based in Italy. However, the cybersecurity firm’s researchers could not find a doctor by the name of Penelope Marchetti with WHO during their online searches.
That webpage seems out of place
In another set of emails found by Kaspersky, after clicking on an the attached link, the individual is redirected to a website showing a Microsoft Outlook interface, coaxing them to login with their e-mail login and password. Kaspersky warns it has nothing to do with Outlook. In reality, it is a malicious page designed to record users keystrokes and steal passwords and other critical information, which will them be forwarded to the attacker to break into users’ email account. Any random requests that make no sense, similar to this, should trigger alarm bells in the users’ mind.
The one with links or attachments
Any email coming from an unknown sender with very little information in the body text and a request to click on a link or attachment should not be entertained at all, unless one has verified the sender’s identity first. Clicking on link can land one a malicious webpage while a malicious attachment can install nefarious malwares like Emotet on the system and open doors for multiple other malwares. User can lose control over their system and the critical personal or financial data on it may end up on Dark Web for sale.
Ones that make fake promises
Emails offering medicines or cures for Covid-19 need to be strictly avoided as there is no vaccine available for it yet. Also, if there are cures they are likely to be announced and covered by reputed media publications who are tracking the development closely.
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
