While millions of people around the world have been suffering from the human and financial cost of the unprecedented coronavirus pandemic, the scammers have been busy thinking up new ways they can use the outbreak to defraud unsuspecting victims of their money.
In this guide, we’re going to take a look at some common coronavirus phishing scams and discuss the steps you can take to protect yourself.
Common coronavirus phishing scams
Coronavirus-themed phishing emails can take a number of different forms. However, the intended result is always the same. That is, to steal data that can lead to financial gain.
- World Health Organisation alerts
One of the favourite tactics of cybercriminals is to create fake alerts that look like they’re from the World Health Organisation (WHO). Some are more convincing than others; however, they all contain a link that the scammers want you to click. That link could purportedly be to a list of coronavirus cases in your area, but instead of displaying the information, malware will be added to your computer that gives the scammers access to your sensitive personal data.
- Health advice emails
Phishers have also been sending emails that claim to offer medical advice that can help to protect you from coronavirus. These emails can come from a range of sources, including medical experts in Wuhan, China, where the outbreak began. Again, the recipient is encouraged to click a link to download the safety advice or make contact with the sender, both of which will lead to attempted fraud.
- Workplace policy emails
Another approach the cybercriminals have taken over the last few months is to target employees’ workplace email accounts with fake company policies. One such email reads as follows: ‘Due to the Covid-19 outbreak, we have implemented a new disease management policy that details the safety precautions you must take’. If you click on the link, you’ll inadvertently download malicious software.
How to recognize and avoid phishing emails
All coronavirus phishing scams lure you into providing personal information or clicking a link so that the scammer can commit fraud. Here are a few tips to help you identify a scam and avoid being tricked.
- Never provide personal information over email – No reputable company or organisation will ever ask you to provide personal data such as login details or banking information over email.
- Check the address of the email or link – By hovering the mouse over the link included in the email, you’ll be able to see where it leads. You should also look more closely at the email address of the sender. If either of these details don’t look right, delete the email immediately.
- Look out for typos, spelling mistakes and grammatical errors – If an email includes errors or it’s written badly, it’s almost definitely a fake, so delete it immediately. Most webmail services are getting better at auto detecting these types of spam email but it always pays to have your own review process for anything that ‘slips through the net’.
- Report it – You can help to protect others from similar scams by reporting suspicious emails to the relevant authorities. You should also flag the email as spam and block the email address from contacting you again. This applies to both your emails and any suspicious mobile text messages you receive.
- Act quickly – As well as individuals taking action, organisations are also responsible for protecting their customers and workforce. Web based company Wonga.co.za opened a fraud hotline when it discovered South Africans were being targeted by a phishing scam that masqueraded as the online loan company offering ‘too good to be true’ prospective loan terms. Wonga’s quick implementation of the fraud hotline gave suspicious would-be victims a clear and simple path to speak with the brand and be made aware of the scam. This is exactly the type of fast and decisive action that organisations must take.
Have you been targeted by a coronavirus phishing scam? What was the outcome and did you report it? Please share your experiences with our readers in the comments below.