A pandemic is a scammer's dream.
We at Optimal Networks have been serving the IT and cybsersecurity needs of law firms and associations in the DC Metro area for nearly 3 decades, and we've never experienced a time like this before.
As we all look out for the health and safety of ourselves and our loved ones, and as we try to adjust to either not working or working exclusively from home (oftentimes with a house full of family members), fear and anxiety is running high.
And scammers are salivating at how vulnerable this makes us to their tactics.
Scams to look out for
We're seeing an incredibly high number of scams that falsely claim to offer helpful information or products related to COVID-19.
Here are a couple examples of phishing emails that were fortunately identified as malicious before causing any harm:
Phishing email appears to come from the World Health Organization
RED FLAGS: Spelling error ("SAFTY") in the subject line, "Sir" versus the recipient's name, vague message, poor sentence mechanics ("fever,coughcshortness").
Do you spot others?
Phishing email with security measures from a "Specialist"
RED FLAGS: Poor mechanics in subject line, "Sir," playing on fear with "This little measure can save you."
Do you spot others?
Besides email, these scams are also being sent out over text message and phone calls. They can promise important safety measures, face masks that are in short supply, critical updates to the spread -- whatever they think will play on our fears and get us to click that link or hand over that piece of personal information.
And in addition to direct scams, bad actors are also looking to increase panic (and therefore vulnerability) by spreading misinformation.
Many received a text message threatening a national quarantine, for example:
National Security Council tweet warns of fake updates on national quarantine.
Our CEO, Heinan Landa, gave the folks at FOX5 DC more information on these virus-related scams. Watch the full news clip here:
How to avoid these scams
Fortunately, there's nothing new to learn when it comes to avoiding these scams; lean on the same tactics we've been preaching for years:
- Don't click links you cannot verify (hover over to check the URL)
- Don't download any attachments you weren't expecting.
- Watch for poor spelling and grammar (this is on purpose!).
- Be suspicious of messages that don't address you by name.
- Don't offer up credentials or other personal information unless you can verify a legitimate need independently (by calling the sender, by logging directly into your Facebook account, etc.)
Regarding coronavirus specifically, be sure to stick to official websites for the latest news on the outbreak. Visit the World Health Organization (WHO) and Centers for Disease Control (CDC) sites directly, and avoid taking updates to heart unless they are confirmed by these sites.
All we really need to do is make sure we maintain a healthy skepticism, and we'll be in good shape.
If you could use a graphical reminder on our top 10 tips for avoiding social engineering scams like these, you can download our infographic here:
Stay healthy, and stay safe!