COVID-19 Themed Phishing Emails

COVID-19 Themed Phishing Emails

COVID-19 is unfortunately here to stay for the foreseeable future. One of the many harmful side effects of the pandemic is that the public are becoming increasingly vulnerable to phishing scams associated with the crisis.  In this post we look at COVID-19 Themed Phishing Emails – what are they, how to spot them and what to do about them. 

Google have announced that in the last week alone, an average of 18 million COVID-19 phishing emails were sent per day via Gmail, despite their use of a sophisticated malware scanner. Plus, the rapid spate of COVID-19 scams was flagged by the UK’s National Cyber Security Center and the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) earlier this month.

Why are these emails dangerous?

If not dealt with in an effective manner, phishing emails can lead to theft of your personal information, passwords, identities, and sensitive company information. Plus, they have the ability download ransomware software to your computer or laptop that obtains private documents and holds them hostage for money – i.e. blackmail you.

It’s likely that your inbox will be full of emails from businesses updating you on their social distancing policy and other measures that they’ve put in place in order to combat COVID-19.  While the majority of these will be legitimate, it’s highly probable that phishing scams will infiltrate your inbox during this time too.

What to look out for

COVID-19 themed phishing emails can take different forms, including:

•       Emails posing to be from the World Health Organisation, falsely claiming information on the number of virus cases in your area
•       Health advice emails, claiming to be from medical experts in China, advising you to click on a link for more information on health measures
•       Updated workplace policy emails, claiming to hold information on update policies to accommodate COVID-19

What organizations can do to protect themselves?

Whether you’re working alone or seeking the services of IT support in London, you need to increase cyber security at your workplace. You can do this in the following ways:

• Educate employees
With cyber security, it’s important for your employees to actively apply the action plans. However, if they do this, they need to be educated about cyber crime, the attacks they may experience and what they can do to stop this from happening.

• Structure and safe-guard your data
The most-important thing to do is for you to identify what data is important for your organisation. That way you can re-structure data and add additional levels of protection. Backups and recovery plans must be in place to also ensure safety in case of a cyber attack. Therefore, this exercise will help you identify if there is any data theft.

• Draft a response plan
Set up a cyber security team in your organization. Ask them to come up with a flexible plan and apply this to keep your data safe. You can also seek input from your IT support.

• Equip yourself with new-age skills
Finally, upgrade your cyber security skill sets by having someone personally trained. Remember that just as hacking technology becomes more tricky, so does anti-hacking security technology. We would advise you to consult an IT company for the latest technology.

About IT-MSP

IT-MSP was founded in 2017 to provide London’s small & medium businesses with end-to-end IT services, right from purchasing and installing hardware to providing Mac, Windows & Linux support, cloud solutions, and data backup. We support our clients using proven, high-quality systems and security practices that blue-chip companies take for granted.

We consistently achieve excellent client satisfaction thanks to a process-driven approach, concise documentation and our team of friendly and highly trained London based engineers.

Youssef Baiza
Director