The coronavirus pandemic sweeping the globe with lethal and wealth-destroying consequences has proved so jarring to the powers-that-be both in Europe and the other side of the Atlantic to the extent that they have discarded deep-set taboos to forge atypically swift and pragmatic responses. That said, do not overlooked how scammers and fraudsters are looking at this havoc with glee. If you thought they would take a hike and give us some respite you will be mistaken ( that sentiment means your guards are already down - you better prop them back up or you will become another statistic)
Like a lot of you, we are pretty much glued to the news streams these days, trying to balance unease with calm realism. In trying times like these, we look for resources for critical information and ways to help people less fortunate than us. The better angels of our nature see difficult situations like recent fires in Australia, violent weathers and now the pandemic instinctively think what can I (we) do to help? - The Virtues Of Trust .
Most people have big hearts. There are also a sizeable number with bent and screwed morals. There are folks who see these kind acts and seek to profit off our good natures. They’ll try to take advantage of everyone in this sensitive time. They are very much aware of the intense activities going on online due to covid-19.
For example, I’ve been keeping an eye on the Johns Hopkins Coronavirus Resource Center. It has a great interface that displays real time data about covid-19 worldwide. Some cyber criminals are now using this API to sell ready-made kit that uses the map to spread malware. This version loads up malicious .jar files—Java files—that can be run directly in a browser. There’s a warning, but if you allow it, you could be installing password stealing software on your computer.
Since most people are now forced to work from home, the target or sweet-spot for harvesting is now increased substantially. So be far more vigilant of phishing attacks as covid-19 forces every tom, dick and harry to go online from home for chores they would otherwise do manually or if at work, would be protected by their company's network firewall.
- Your company can sandbox inbound email. This technique allows you to inspect the email attachment before it reaches your employees’ inbox. Also, incentivising employees’ good email hygiene behaviour (not clicking on unknown attachments or URL links and reporting suspicious emails) helps reinforce overall security awareness.
- As individuals at work, school, or home, you can do your part by considering what links in emails you click on. It’s ok to be skeptical of emails! For example, if you get an email from your bank with a link to their website, go to the browser and log in to your account directly rather than clicking on the email link. Also, be cautious of attachments in emails; malware can be embedded in Docx, PDF, and MP4s.”
Phishing is a fraudulent scheme that is designed to steal your money by getting you to divulge personal information on websites that pretend to be legitimate portals. These websites are designed to lure you into revealing personal information, such as credit card numbers, bank information, or passwords. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake email message, which contains a link to a phishing website.
Some examples of messaging in these emails are:
- Emails that promise a reward. “Click on this link to get your tax refund!”
- A document that appears to come from a friend, bank, or other reputable organizations. The message is something like “Your document is hosted by an online storage provider and you need to enter your email address and password to open it.”
- An invoice from an online retailer or supplier for purchase or order that you did not make. The attachment appears to be a protected or locked document, and you need to enter your email address and password to open it.
Learn to spot a phishing emailPhishing is a popular form of cyber-crime because of how effective it is. Cyber-criminals have been successful using emails to get people to respond with their personal information. The best defence is awareness and knowing what to look for.
Here are some ways to recognise a phishing email:
- Spelling and bad grammar
Cyber-criminals are not known for their grammar and spelling. Professional companies or organisations usually have an editorial staff to ensure customers get high-quality, professional content. If an email messages is fraught with errors, it might be a scam.
- Suspicious links
If you suspect that an email message is a scam, do not open any links that you see. Instead, rest or hover your mouse over it but don't click- on the link to see if the address matches the link that was typed in the message. When you performed the aforementioned, over the link you will see where the link will take you to when clicked. if the location looks suspicious it is - avoid clicking.
These types of emails cause a sense of panic to get you to respond quickly. For example, it may include a statement like “You must respond by end of day.” Or saying that you might face financial penalties if you don’t respond.
Spoofing emails appear to be connected to legitimate websites or companies, but actually take you to phoney scam sites or display legitimate-looking pop-up windows.
- Altered Web Addresses
A form of spoofing where web addresses that closely resemble the names of well-known companies, but are slightly altered; for example, www.micorsoft.com or www.mircosoft.com.
- Incorrect salutation of your name
Sam or Sami for Samuel
The link text and the URL are different from one another; or the sender’s name, signature, and URL are different.
The mail is sent to multiple recipients or to you in BCC.
Cyber-criminals can also get you to visit fake websites with other methods, such as text messages or phone calls. Sophisticated cyber-criminals set up call centres to automatically dial or text numbers for potential targets. These messages will often include prompts to get you to enter a PIN number or some other type of personal information.
Report phishing scamsThere are a few ways to report a phishing scam.
If you’re on a suspicious website:
- While you’re on a suspicious site, select the More (…) icon > Send feedback > Report Unsafe site. Follow the instructions on the web page that displays to report the website.
- While you’re on a suspicious site, select the gear icon, point to Safety, and then select Report Unsafe Website. Follow the instructions on the web page that displays to report the website.
- If you receive a suspicious email message that asks for personal information, select the check box next to the message in your Outlook inbox. Select the arrow next to Junk, and then point to Phishing scam.
Microsoft Office Outlook 2016 and Microsoft Office 365.
- While in the suspicious message, select Report message in the Protection tab on the ribbon, and then select Phishing.