We’ve had reports that malware is being pushed out in the form of files or links providing ‘helpful’ information about coronavirus – if you receive a link like this do not open it because it will contain malicious coding that can damage your files or encrypt data (the files names generally imply that they include virus protection or detection or up to date threat developments).
Phishing scams send emails that mimic banks, online resources and credit card companies to trick the receivers into sharing their financial and personal information or downloading malware. The targets may be directed to malicious web sites also posing as legitimate sites where they will be asked to enter login credentials and other personal information the attackers can use to commit identity theft.
As the coronavirus generates headlines around the world, cybercriminals are continuing to use this public health crisis to spread phishing emails and create malicious domains for a variety of fraud.
The emails/letters appear to come from the Centre for Disease Control and Prevention, which is a real organization in the United States, and they do recommend some actions regarding the coronavirus. They come from a convincing domain, cdc-gov.org, whereas the CDC’s real domain is cdc.gov. A user not paying careful attention isn’t likely to notice the difference.
Tips to protect yourself from coronavirus scams:
- Be cautious about all communications you receive. ... This can be at work or at home..
- Do not click on any links listed in the email message, and do not open any attachments contained in a suspicious email.
- Do not enter personal information in a pop-up screen. ...
- Don’t be taken in by the sender’s name. Scammers can put any name they like in the “from” field.
- Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take extra time to review messages for telltale signs that they’re fraudulent.
- Check the URL before you type it in or click a link. If the website you land on doesn’t look right, steer clear. Do your own research and make your own choice about where to look.
- Never enter data that a website shouldn’t be asking for. A site that’s open to the public, such as the CDC or WHO, will never ask for your login credentials.
- If you realize you just revealed your password to impostors, change it as soon as possible. The crooks try to use stolen passwords immediately, so the sooner you change your password, the more likely you are to stop them for doing anything malicious.
- Never use the same password on more than one site. Once crooks have a password, they’ll try it on every website where you might have an account, to see if they can get lucky.