Cybercrooks will take advantage of any situation or crisis if they have any reason to believe that it will be successful. With the Coronavirus being discussed in all sorts of media constantly, it is a natural target for phishing scams. This e-mail, which carries the logo of the World Health Organization, states the following:
Go through the attached document on safety measures regarding the spread of Coronavirus. Click on the button below to download. Symptoms: common symptoms include fever, cough, shortness of breath and breathing difficulties.
As is sometimes the case, the cybercriminals have made a number of spelling and grammatical mistakes that act as a warning sign that this is a scam. In fact, anytime you see an e-mail or a link that seems slightly off, it almost certainly is a phishing scam or other dubious cybercrime activity.
In this case, the fake page consists of an official current homepage of the World Health Organization (WHO), with a popup form near the top.
No doubt, the phishing scam is successful because with technology the cybercrooks can target millions of people at a time. And with people understandably nervous about the Coronavirus, they might fill in the form and be subject to the phishing scam. Of course, if you put in your e-mail address or your password and click through, you will be submitting the filled in web form to the cybercriminals. On top of that, you are also submitting an unencrypted connection.
Here are standard practices with respect to all phishing attacks that cyber experts routinely warn about:
●Never let yourself feel pressured into clicking a link in an email. Most importantly, don’t act on advice you didn’t ask for and weren’t expecting. If you are genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look. Better yet, call your doctor’s office.
●Don’t be taken in by the sender’s name. This scam says it’s from “World Health Organization”, but the sender can put any name they like in the From: field.
●Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent – it’s bad enough to get scammed at all without realizing afterwards that you could have spotted the fraud up front.
●Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look.
●Never enter data that a website shouldn’t be asking for. There is no reason for a health awareness web page to ask for your email address, let alone your password. If in doubt, don’t give it out.
●If you realize you just revealed your password to imposters, change it as soon as you can. The crooks who run phishing sites typically try out stolen passwords immediately (this process can often be done automatically), so the sooner you react, the more likely you will beat them to it.
●Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.
●Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you, but are usually a huge barrier for the crooks, because just knowing your password alone is not enough.