As concern is mounting everywhere about the global COVID-19 pandemic, cyber criminals are having a spree. There have been reports of phishing emails in numbers countries being sent under the guise of a local government or credible organization updating concerned citizens with important information regarding the latest coronavirus news.
Recently, there were reports of a phishing scam pretending to be from the Public Health Agency of Canada. When people opened the attachment, malware-infected their computer. There are a number of ways that you can check to see if an email may be a potential cyber threat. These tips are good to share with all employees, especially ones now working from home, as a cyber security reminder.
In the Public Health Agency of Canada scam, there were a few red flags. First, the email address did not look legitimate. It started with publichealth@ but did not have a federal government domain. Second, it was addressed to ‘Parents and Guardians’ which is not typical of government communication and third, the email asked people to open an attachment to get updated health information. If this was truly an important communication from the government, all pertinent information would have been included in the message and not sent as an attachment.
Sometimes examples like this can help employees visualize what a suspicious email may look like and how to identify it.
Cyber criminals always take advantage of big events, like Christmas, or a crisis like the coronavirus outbreak. As a general rule, be wary of any websites that begin with ‘covid’ or ‘coronavirus’. Recently an IT security company reported an app that was circulating called ‘coronavirusapp.site’ which claimed to track virus outbreaks. However, once a user downloaded it, their device was infected with malware.
If an email appears to be from Health Canada or another government agency, instead of clicking on the email link or attachment, go directly to the official website. Health Canada has been posting all new coronavirus updates on its website and all accurate information can be located there.
There are also scams circulating in the form of requesting financial donations to assist those in need. There was a scam circulating in Quebec that was asking for people to open a Bitcoin account to help process donations. Essentially, this scam was to unwittingly recruit people into laundering money that was stolen from hacked bank accounts.
As many employees are working from home and using personal devices, there is an increased risk that falling victim to social engineering tactics could infect your business network. Make sure that your employees are only using work devices if possible, have the latest software installed and are using two-factor authentication.
If your business needs help to keep endpoint devices secure and have the latest cybersecurity protection, MBC can help. Get a free assessment today.