The ability to leverage current events is a dream scenario for modern-day cybercriminals. These criminals use events, such as the COVID-19 pandemic, to fuel their malicious intent.
Expect phishing emails to be on the rise Cyber threat actors will utilize COVID-19 phishing emails in an attempt to convince the recipient to either reveal sensitive information (i.e. bank account information), or simply try to convince the recipient to open a malicious link or attachment, allowing them to potentially access your system.
COVID-19 vaccine-themed phishing emails may include subject lines such as the following:
While some phishing emails might be easy for you to detect, never get complacent when reviewing your emails. Expect to receive well-composed phishing attempts that are impersonating well-known and trusted entities, such as government agencies, healthcare providers, or pharmaceutical companies. NEVER open any link or attachment from a source that you cannot clearly identify as being legitimate!
For instance, email phishing campaigns in the past have targeted state-level agencies impersonating the Centers for Disease Control and Prevention (CDC). These emails have requested recipients to click on links in order to view a secured message pertaining to COVID-19 vaccine information. Links such as these could easily direct the user to a webpage that attempts to collect PII, including name, address, date of birth, driver’s license number, phone number, and email address.
Here are some notable indications an email, text, or phone call may be a phishing attempt:
For as long as the pandemic is around there will always be consistent attempts by threat actors to create fraudulent charities seeking donations for illegitimate or non-existent organizations. Fake charity and donation websites will try to take advantage of one’s good will, especially during such hard times. Always do your research before donating and providing any information.
As tax season is quickly approaching, be wary of identity theft scams involving fraudulent claims, especially surrounding unemployment benefits. This scam has especially skyrocketed during the COVID-19 pandemic as unemployment claims in general have been on the rise. The most typical scams to be on the lookout for (but are not limited to) include telling recipients that they’ve won contests, a cash prize, or are eligible for an award for applying for unemployment.
Phishing remains a prominent attack vector for almost all cyber threat actors. Your cybersecurity best practices will always be your first line of defense against phishing. Here are some recommendations you can take to shield yourself from these threats:
If you suspect you've been impacted by a scam or attempted fraud involving COVID-19, you can file a report with the Cybercrime Support Network. More information can be found here: https://cybercrimesupport.org/covid-19-scam-alerts/
Additional Resources
These tips are brought to you in the Commonwealth of Virginia by the Virginia Information Technologies Agency in coordination with: