Phishing emails are a great way for hackers to gain access to your system. Phishing is a cyber-crime term that describes how criminals pose as legitimate institutions or a trustworthy entity/individual to trick you into providing sensitive data such as login ID’s and passwords.
Due to the COVID-19 outbreak cyber-criminals are using fear and uncertainty to prompt people to click on emails that promise supplies of paper products, hand sanitizer, and other products that are in short supply. Some reports are indicating that consumers are giving credit card information thinking they are buying supplies for their household. Phishing doesn’t come in just the form of emails; you need to be aware that phishing can happen via text and phone calls as well.
Brand recognition is another way cyber-criminals entice consumers to click on links. At this time of heightened concern, we are receiving a lot of emails from our business partners, news outlets, and health organizations; all of whom are trying to keep us informed. Cyber-criminals are using brand recognition to gain access to your system by sending you emails that contain malware or ask you to input ID and password to gain access. Imagine at this time cyber-criminals could be using brands such as WHO (World Health Organization) and CDC (Center for Disease Control) to lure consumers.
Here are some quick tips to help you avoid falling victim to these techniques whether at home or the office:
- Verify the source of the email by checking the ‘From’ field to validate the sender. Phishing emails will appear to send you an email from a trusted source but in reality, they are spoofing the “from” address. What does that mean? The name of your contact shows as it always does in the “from” field however, when you hover over the name or you see it in the preview pane of your inbox the email address associated with the contact is not the actual email address.
- Pay very close attention to the domain name of the websites you visit or that are revealed in embedded links in communications you receive. For example, www.microsoft.com and www.support.microsoft.software.com are two different domains. (and only the first is real).
- Be sure to report all suspicious emails to your information technology support.
- NEVER open email attachments that end with: .exe, .scr, .bat, .com or other executable files you do not recognize.
- DO NOT “unsubscribe” to phishing emails – cybercriminals are using this to gain access. If you unsubscribe you verfiy that your email address is valid, and it could take you to a website that downloads malware onto your computer. It is safer to delete the e-mail!
- NEVER click embedded links in messages without hovering your mouse over them first to check the URL and verify the domain is safe/secure.
- Do not respond or reply to spam in any way. Delete the message and then delete it again from your deleted folder.
OIA is dedicated to providing you with resources related to COVID-19. If you have any questions or concerns, you can reach Judy Sivy at firstname.lastname@example.org or 614-552-3048. Don’t forget to visit our website for all of our COVID-19 related advice and news!