As organizations in the private, financial, and government sectors take drastic steps to combat the spread of COVID-19, cybercriminals are taking advantage of the chaos. Recently, both the World Health Organization (WHO) and the Federal Trade Commission (FTC) have published warnings related to Coronavirus-related scams in cyberspace. Phishing, in particular, is quite prevalent. Last month, Colleen Tressler of the FTC noted that “fake emails, texts, and social media posts [are used] as a ruse to take your money and get your personal information.” She provided a few tips for identifying scams, such as watching out “for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying that [they] have information about the virus.” The WHO also provides a few tips to distinguish scam emails from legitimate ones, such as verifying that addresses end with “who.int”, as opposed to something like “who.com” or “who.org.” Phishing scams often try to exploit one’s fear and sense of urgency, which is easier to do during a crisis.
Phishing scams sometimes trick victims into downloading malware, either by opening an attachment or following a link. Last month, David Buxton of Kaspersky wrote about malware disguised as educational resources for combating the spread of the Coronavirus. The types of malware include Trojans and worms. To make matters worse, the malware would use .pdf, .docx, and .mp4 file extensions. We can often be suspicious of executable files (.exe), but in work environments, we almost always trust Adobe Portable Document Format (PDF) and Microsoft Word files.
While it is important to be aware of biological viruses like COVID-19, it is also important to remain vigilant in cyberspace. The Coronavirus may have already inflicted economic damage to your business. However, in your effort to protect your personal health and the health of your workplace, you shouldn’t allow cybercriminals to inflict even more damage to your business.