DHS: Beware of scams, ‘phishing’ emails
With many people across the country working from home due to the outbreak of coronavirus (COVID-19), federal agencies warn that scammers are exploiting the outbreak to target both businesses and consumers, especially through phishing strategies.
According to the Department of Homeland Security, “phishing” is the fraudulent practice of sending emails which seem to be from reputable companies in order to entice individuals to reveal personal information, such as passwords and credit card numbers. Phishing scams have become ubiquitous through email communication and e-commerce.
Cyber criminals are exploiting the coronavirus through the wide distribution of mass emails posing as legitimate medical or health organizations. In one particular instance, referenced in a press release from the United States Secret Service, victims receive an email which seems to be from a medical/health organization and includes attachments supposedly containing pertinent information regarding the coronavirus. This leads either to unsuspecting victims opening the attachment, which causes malware to infect their system, or to victims being prompted to enter their email login credentials to access the information. This type of incident enables further cyber-enabled financial crimes such as Business Email Compromise, PII theft, ransomware and account takeovers.
In another emerging fraud scheme exploiting the coronavirus, scammers use legitimate social media websites to seek donations for charitable causes related to the virus. Criminals are exploiting the charitable spirit of individuals, seeking donations to fraudulent causes surrounding the coronavirus. Increased caution should be exercised when donating to charitable organizations during this time.
The Secret Service offered suggestions and tips about how to avoid being involved in one of these scams:
• Avoid opening attachments and clicking on links within emails from senders you do not recognize. These attachments can contain malicious content, such as ransomware, that can infect your device and steal your information.
• Be leery of emails or phone calls requesting account information or requesting you to verify your account. Legitimate businesses will never call you or email you directly for this information. Always independently verify that any request for information originates from a legitimate source.
• Visit websites by inputting the domain name yourself. Businesses use encryption such as Secure Sockets Layer (SSL). Certificate “errors” can be a warning sign that something is not right with the website.