25
March, 2020

How to Avoid COVID-19 Phishing Scams

Great Information

Better Software. If our content is useful to you, think about what our software could do for you.

How to Avoid COVID-19 Phishing Scams

In our COVID-19 article series, we previously talked about how to pay your employees during this uncertain time in our country. In this second article, we are discussing how to avoid Coronavirus phishing email, text, and phone scams.

As companies adapt their business continuity plans in response to the COVID-19 crisis, new security challenges are being introduced. Cybercriminals are taking advantage of this chaos by exploiting employees’ personal computers and expanded Virtual Private Network (VPN).

COVID-19 has caused a cultural shift in the workforce. As more employees shift to remote work, cybercriminals simultaneously adapt their online efforts. The good news is there are measures you can take to avoid getting scammed.

Examples of Phishing Scams

It is important to be on high alert for bad actors who will try to take advantage of you and your employees. Do not click on any links in emails that you receive that are unsolicited, reference “urgent Coronavirus action required”, or try to get you to make a monetary transaction. They are attempting to evoke an emotional response to trick you into clicking a link or responding with private information.

Email Scams

At this moment, more employees are working remotely than ever before. It’s imperative you are careful when surfing the web and opening emails. Scammers know we are online and will try to take advantage. The three types of phishing emails to be aware of are 1) Emails Preying on Fear, 2) Emails Offering Healthcare Information, and 3) Emails About Workplace Policies.

Emails Preying on Fear

It’s important that you are vigilant against social engineering attacks that will prey on fear, uncertainty, and doubt. Scammers use fear as a gateway into our lives. Avoid emails that claim to be from the World Health Organization ‘WHO’, or that appear to offer real-time updates on the COVID-19 pandemic.

Here are some examples of phishing emails that have been reported by financial institutions:

  • “Covid 19 Update”
  • “Corona case No: 1192916” (typically random numbers)
  • “TNT Express Notification/ Your shipment was returned to our office!!! BECAUSE OF COVID-19 OUTBREAK”
  • “COVID-19: New confirmed cases in your city”
  • “Coronavirus Customer Advisory Issue”
  • Numerous WHO, Red Cross, and other donation/money scams.

Fake Email from the World Health Organization

Phishing Email Example

2. Emails Offering Healthcare Information

Fake emails from acclaimed healthcare providers and research organizations like Johns Hopkins are floating around. Spear phishing emails that come from accredited sources are known to cause data breaches on your personal or work computers. Cybercriminals then gain access to logins, passwords, as well as personal and company information.

To help fight against email phishing scams like these, keep your computer up-to-date with proper security software. You can also set your cell phone software to update automatically. Make sure you have a two-factor verification setup for any and all logins as well.

3. Emails About Workplace Policies

Cybercriminals are also sending phishing emails to employees’ business email addresses regarding Coronavirus workplace policies. If you click a link in these types of emails, it will download malicious software to your computer. This is particularly dangerous if you are working remotely using a company VPN.

Fake Workplace Policy Email Example

Fake Workplace Policy Email Example

How to Avoid Email Phishing Scams

Be diligent when you are surfing the internet and verify unknown websites prior to downloading files, especially if you are working remotely. If your company is encouraging you to use a VPN, make sure you disconnect your VPN session when you are not using your computer.

Here are some other things to consider that can help you avoid phishing attempts:

  • Are you expecting this email?
  • Verify the sender by hovering over the email address to view where the URL leads. Keep in mind, phishers can create links that closely resemble legitimate addresses.
  • Check for spelling, punctuation, or grammatical errors.
  • Check the URL and verify a website before you click any links.
  • Does this email make you feel pressured or rushed to take an instant action? Don’t fall for tricks designed to pressure you into clicking links or opening attachments.
  • If in doubt, use tools like KnowBe4 or the Federal Trade Commission’s two-step process to report an email.

    For more information on phishing scams click here.

COVID-19 Updates

Subscribe to the APS blog for the latest Coronavirus updates and news to help your business navigate this challenging and uncertain time.

Text Scams

Similar to email phishing scams, fake text messages are being sent to people during the COVID-19 pandemic to get them to share valuable personal information like account numbers, login IDs and passwords, as well as Social Security numbers.

Sample Scam Text Message

From my next door neighbor

Just received this…from good friend of mine who works for the CDC

Please be advised, within 48 to 72 hours the president will evoke what is called the Stafford Act. Just got off the phone with some of my military friends up in DC who just got out of a two hour briefing. The president will order a two week mandatory quarantine for the nation. Stock up o whatever you guys need to make sure you have a two week supply of everything. Please forward to your network.

How to Avoid Text Phishing Scams

If you receive a suspicious text message:

  • Check for spelling, punctuation, or grammatical errors.
  • Don’t click any links in the text message.
  • Never share your personal or financial information.
  • Do not respond if it’s from an unknown number.

Lastly, if you receive a suspicious-looking text link from a friend or co-worker that seems out of character, check with them and make sure they weren’t hacked.

Phone Scams

Phishing phone scams, or robocalls, are currently being used for everything from Coronavirus treatments to remote working schemes. With emotions so heightened right now, it’s important to know how to protect yourself from these types of scams.

Test Kit Phone Scam Audio Transcript

…[The Coronavirus] Response Act has made coronavirus testing more accessible immediately. If you want to receive a free testing kit delivered overnight to your home, press 1. If you do not want your free testing, press 2.

How to Avoid Phone Phishing Scams

If you suspect a phone call is a phishing scam, the best course of action is to hang up. Make sure you don’t press any numbers. The recording may say to press a button to be connected to a live person or remove yourself from their call list, but this could actually lead to more robocalls.

Bonus Tip: Fake Charity Scams

Another form of phishing you might encounter is links or groups asking for charitable donations. In times of crisis, it’s human instinct to offer help. Many of us might be looking for ways to help our local community through the COVID-19 pandemic. Cybercriminals will attempt to gain a profit by mimicking genuine charities.

How to Avoid Fake Charity Scams

During times of uncertainty, it’s important that you are certain of where your money is going. Avoid charities that ask for personal details and offer text message verifications. Make sure the charity you want to contribute to is legit. The Federal Communications Commission offers resources to help you confirm a charity.

Here are some factors to consider when evaluating the authenticity of charities:

  • Verify all phone numbers for charities and even contact them to ensure the number you have is legitimate.
  • Do not open suspicious emails requesting donations or other assistance and do not click on links or open any attachments.
  • Be skeptical of social media posts and verify with charity organizations whether they are soliciting donations. If you’re using text messaging to donate, check with the charity that the number is legitimate.

Avoid COVID-19 Phishing Scams

The reality is, hackers will strike at any time, crisis or not. Cybercriminals will continue to find ways to take advantage of each situation at hand. The good news is, we don’t need to worry about a phishing scam or a social media ad. We can equip ourselves with the proper tools and information so when a hacker knocks on our door, we are ready.

If you would like to communicate with your employees on ways to avoid Coronavirus Phishing Scams, feel free to use the email template below that we created.

Email Template

As companies adapt their business continuity plans in response to the COVID-19 crisis, new security challenges are being introduced. Cybercriminals are taking advantage of this chaos by exploiting employees’ personal computers and expanded VPN.

It is important to be on high alert for bad actors who will try to take advantage of you and your employees. Do not click on any links in emails that you receive that are unsolicited, reference “urgent Coronavirus action required”, or try to get you to make a monetary transaction. They are attempting to evoke an emotional response to trick you into clicking a link or responding with private information.

Examples of phishing emails reported by financial institutions are:

  • COVID-19: New Confirmed Cases In Your City
  • Coronavirus Customer Advisory Issue
  • Coronavirus Response Act

Here are some measures you can take to protect yourself and your workforce against phishing scams like:

  • Verify the sender by checking their email address.
  • Disconnect your VPN session when not in use.
  • When in doubt, don’t click links or download files if the email seems suspicious.
icon-1-1

Training

Receive lifetime training from our team of experts to help you master the APS system at no additional cost to you.
icon-2-1

Support

Your dedicated support team is just a phone call, email, or support request away to answer any questions you may have.
Employee Communication

Success

Work with APS experts who understand your business, your challenges, and your goals for a quicker return on your investment.

Recent Posts

Check out more great articles from the APS Blog covering HR, payroll, and everything in between.

How Churches Can Overcome Technology Gaps

How Churches Can Overcome Technology Gaps

In this article, church leaders will learn how to identify payroll and HR technology challenges in their existing systems. They will also learn how to improve their employees’ experience while working for the church by closing those gaps.

Pin It on Pinterest

Share This