Remain Vigilant: Coronavirus Phishing Scams Are On the Rise
As the coronavirus (COVID-19) pandemic has progressed, you’ve probably noticed an increase in the number of emails from the brands you engage with online. The economy has undergone an extreme transformation, and companies in all kinds of fields are looking to update their customers on the availability of their products and services.
Unfortunately, scammers have noticed this trend, too, and they’ve been amplifying their phishing efforts in its wake. It’s become such a problem that the US Secret Service issued a warning to corporate America about coronavirus phishing.
All business owners should be wary of this type of cybercrime, especially when you consider that cyberattacks cost small business owners an average of $200,000. To protect your business from phishing, you’ll need to have a smart security strategy in place. But before we get to that, let’s quickly define exactly what a phishing email is.
What Is Email Phishing?
Email phishing is an attempt to steal private information from a person or business that will be used for theft, blackmail or other nefarious purposes.
This scam is executed by emailing misleading requests to click website links or open email attachments, which then install malicious software such as keyloggers or ransomware.
These scammers usually disguise themselves by posing as businesses or government agencies that potential victims would typically engage with. For example, during the pandemic, many phishers have been sending emails designed to look like official communications from the Centers for Disease Control (CDC).
Phishers may also pretend to be a local business or even an individual you know seeking funds for coronavirus relief. Don't assume that an email is secure just because the name of a person or business you recognize appears as the sender's name or in the subject line.
How to Identify Email Phishing
Protecting your business from phishing emails is a two-part strategy. The first part is to make sure that you and the other people in your company know how to identify email phishing. The second is having a cybersecurity solution in place that monitors the security of all of your business-related computers and mobile devices. Let's start with a few simple tips.
Be Wary of Email Addresses and Domain Names You Don’t Recognize
Say you receive an email that looks completely legitimate and appears to come from an entity you normally interact with, but you’ve never seen the email address before, or the domain name in the email address isn’t the same as the organization’s website. If that’s the case, then there’s a good chance that it’s a phishing email.
Additionally, most businesses will not use an email address from a free email provider such as @gmail.com or @yahoo.com. Emails sent from these addresses that purport to be from businesses or government agencies should immediately arouse suspicion.
It’s worth noting here that email addresses with domain names that end in “.gov” are probably legitimate. That’s because .gov domain names are carefully regulated and only given to government bodies. So unless they’ve been hacked, which is very unlikely, they should be safe.
Poor Spelling and Grammar Can Be Tell-Tale Signs of Phishing
Here’s a truth that applies to virtually everyone: most of the world does not speak the same language as you. Many or most of the scammers who send you phishing emails won’t speak the same language as you, either.
To overcome this barrier, they’ll translate their phishing email into your language using translation software. Fortunately, these translation methods are often imperfect, so the phishing messages you get will commonly have spelling and grammatical errors, which can make them easier to identify.
Suspicious Links and Attachments Should Be Scrutinized
When it comes to phishing emails, it’s worth reinforcing that the link or attachment is what the scammer wants you to click on. Scammers will try to hide the link they want you to click on by embedding it in an image that says something like, “Click Here to Get Coronavirus Relief!”
As mentioned before, the US Secret Service warned of scammers sending Microsoft Office files with malicious software attached to them. As a general rule, you should avoid clicking any link or attachment from anyone unless it’s something you’re expecting.
If you’ve applied all three of these tactics and are still unsure if an email from an organization is phishing or not, contact the company directly by phone or email to verify. Just don’t use the contact information that was provided in the email in question.
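The sender and link checks described above can be automated as a first-pass triage. The following is an added example, not code from the original article; the `triage` function, its `expected_domain` parameter and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "yahoo.com"}  # free providers named in the article
# Constructed sample message (not a real email)
SAMPLE = """From: "CDC Alerts" <cdc.alerts@gmail.com>
Content-Type: text/html

<a href="http://relief.example.net/claim"><img src="x.png" alt="Click Here"></a>
<a href="https://www.cdc.gov/coronavirus">Official guidance</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, wraps_image) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._img = [], None, False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._img = dict(attrs).get("href"), False
        elif tag == "img" and self._href is not None:
            self._img = True  # the clickable element is an image
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._img))
            self._href = None

def under(host, domain):
    # True when host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def triage(raw, expected_domain):
    """Return warning flags for a message claiming to come from expected_domain."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    flags = []
    if sender in FREE_MAIL:
        flags.append("free-mail sender")
    if not under(sender, expected_domain):
        flags.append("sender domain mismatch")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, wraps_img in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not under(host, expected_domain):
            flags.append("image link off-domain" if wraps_img else "link off-domain")
    return flags
```

An empty result only means none of these heuristics fired; the From header is set by the sender, so unexpected messages still warrant verification through a separate channel.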
Preventing Cybercrime Is Everyone’s Responsibility
Odds are you will receive coronavirus phishing emails. It’s up to you and your team members to follow best practices for cybersecurity.
Still, there's only so much your team can do. That’s why it’s so important to have firewalls and other forms of security in place, such as Web.com's Cyber Security Solution. This tool actively monitors the security on your mobile devices and work computers and also provides access to a team of experts who can help resolve cybersecurity issues.
Ask yourself how you feel about your business’s cybersecurity strategy. Do you have a strong one in place? If not, encourage your team to be open about the subject, make sure they know how to spot phishing and give all of your devices an added layer of security with a proper security solution. By following our tips, you'll protect yourself and your business during the coronavirus crisis and beyond.