The vulnerability and anxiety spreading alongside the Coronavirus (COVID-19) present an opportunity for cybercriminals. Over the last few weeks, there’s been an increase in social engineering and phishing campaigns targeting Americans, and Coronavirus-themed phishing kits have emerged for sale on the Dark Web.
Taking advantage of widespread fear, cybercriminals have launched fake websites made to look like the official websites of healthcare authorities including:
- Centers for Disease Control and Prevention (CDC)
- Ministero della Salute in Italy
- Health Canada
These fake websites contain malware that visitors may unknowingly download to their desktop or mobile device. To get people to visit these websites, cybercriminals are sending targeted phishing emails that manipulate people into clicking a link. Playing on society’s heightened level of concern, these emails are sent with subject lines like:
- “Update -Coronavirus confirmed”
- “Important Coronavirus Update”
Don’t Fall For It
To avoid falling victim to Coronavirus-related cyberattacks:
- Educate yourself and others about Coronavirus-themed phishing attacks.
- Slow down, and avoid clicking on links in emails from senders you don’t recognize. Instead, visit websites directly by typing the URL in your browser’s address bar, or search for websites on Google.
- Only share and use authentic websites. For example:
- Review these tips for verifying the authenticity of emails and avoiding phishing scams from the American Bankers Association.
- If you receive a Coronavirus-related phishing email, report it to the BBB.