Cybercriminals are using the coronavirus epidemic in their attacks yet again!
In the last week, Sophos security experts have seen phishing emails purporting to be from the World Health Organization (WHO). These coronavirus phishing emails prompt you to enter your email address and password to get helpful safety advice – and in doing so, you inadvertently give the crooks access to your email account.
What to do?
- Never let yourself feel pressured into clicking a link in an email. Don’t act on advice you didn’t ask for and weren’t expecting. If you are genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look.
- Don’t be taken in by the sender’s name. This scam says it’s from “World Health Organization”, but the sender can put any name they like in the “From” field.
- Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent – it’s bad enough to get scammed at all without realising afterwards that you could have spotted the fraud upfront.
- Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look.
- Never enter data that a website shouldn’t be asking for. There is no reason for a health awareness web page to ask for your email address, let alone your password. If in doubt, don’t give it out.
- If you realise you just revealed your password to imposters, change it as soon as you can. The crooks who run phishing sites typically try out stolen passwords immediately (this process can often be done automatically). So, the sooner you react, the more likely you will beat them to it.
- Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.
- Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you, but are usually a huge barrier for the crooks, because just knowing your password alone is not enough.
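The “From” name and URL checks from the list above can also be automated by a mail administrator. The following is an added example, not part of the original article: the sample message is constructed, and the mapping of the display name to who.int (the WHO’s own domain) is an assumption of this sketch.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: display-name phrase -> domain the real
# organisation uses. who.int is the WHO's own domain.
EXPECTED_DOMAINS = {"world health organization": "who.int"}

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "World Health Organization" <safety@who-advice.example>
To: user@example.org
Subject: Coronavirus safety measures
Content-Type: text/plain

Click here for safety measures: http://who.int.safety-portal.example/login
"""

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return warnings for sender-name and link mismatches."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    warnings = []
    for phrase, domain in EXPECTED_DOMAINS.items():
        if phrase not in name.lower():
            continue  # the display name makes no claim we can check
        if not belongs_to(sender_host, domain):
            warnings.append(f"display name claims {domain} but address is {addr}")
        # A host that merely starts with "who.int." is still someone else's site.
        for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
            host = urlparse(url).hostname
            if not belongs_to(host, domain):
                warnings.append(f"link host {host} is not under {domain}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE):
        print("WARNING:", w)
```

An empty result does not prove a message is genuine, because the address in the “From” field can be forged just like the name.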
It is not fun to be targeted by cyber-crooks, especially during these tough times. Therefore, make sure that your computer and search engine are always secure so that you can avoid problems like these. The COVID-19 pandemic is bad enough without having to deal with coronavirus phishing emails as well.
Stay wary and secure, and you will face this problem like a champ!
We are happy to help if you have any questions. Send us a message.