A hand in front of a computer screen with code. In red is username and password.
Property Casualty

COVID-19 and Cyber Risk — Tips to Prepare for Scams and Phishing

Ross Ingersoll
Ross Ingersoll
Executive Risk & Cyber Account Executive, PC

Cyber criminals have always preyed on vulnerabilities, whether it be within your network or emotions of individuals. Unfortunately, the fallout associated with the COVID-19 pandemic has invited both.

While keeping health and safety top of mind is the priority in avoiding the COVID-19 exposure, companies and employees need to be aware of a different kind of risk that is heightening during these times — cyber attacks.

Phishing Scams Use COVID-19 Stress to Attack

Phishing expeditions leveraging the COVID-19 fear and anxiety are well under way. Threat actors behind malware are disguising spam emails as official COVID-19 notifications pretending to be the World Health Organization (WHO), Center for Disease Control (CDC), and other health and welfare organizations. Additionally, other common scams may be related to potential vaccines, other cures, prepaid tests, local infection maps, etc.

These malicious emails are trying to mimic safety messages to trick individuals into clicking on malicious links or documents to deploy variations of malware. If you don’t normally receive emails from WHO, for example, be very cautious and skeptical with how you handle.

Tips to Protect Yourself Against Phishing Scams

Here are some tips to protect yourself (and the Federal Trade Commission (FTC) has so many more):

Be vigilant and report suspicious emails via your internal business protocols or externally to the either the Anti-Phishing Work Group or the FTC.

Signs of a phishing email:

  • The email looks like it’s from a company you may know and trust, such as Netflix. It even uses a Netflix logo and header, but it may have spelling errors or if you hover over the “From” address, it may be from an email address spoofing Netflix.
  • The email says your account is on hold because of a billing problem.
  • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
  • The email invites you to click on a link to update your payment details.

Never give out company credentials, personal information, or financial information in response to a COVID-19-related email.

Any COVID-19-related email with an attachment or link should be treated with suspicion and verified using known contact information before responding. You can hover over the link to check legitimacy. If the email appears to be from a reputable institution, go directly to the official website to verify.

Don’t visit untrusted websites related to COVID-19. There has been a significant rise in website registrations related to COVID-19 that are being used to either steal information from visitors or infect them with malware. Remember, www.cdc.gov and www.coronavirus.gov are the authority.

If the tone of the email creates urgency or is anxiety-inducing, proceed with caution.

If donating to a charity, verify its authenticity. The FTC provides good resources for this.

Be Aware of Remote Working Scams

In addition to scams and phishing, businesses also need to be careful during this time as so much of our workforce is now working remotely. How can you protect yourself and your business while working away from the office? Holmes Murphy has created a guide to help. Download it today.

You can also reach out to us at any time with questions or visit our COVID-19 Resource Center (updated daily with the latest information). We are here for you!

Explore more from Holmes Murphy