The fear surrounding the novel coronavirus has created new opportunities for online scammers who look to exploit your anxiety and steal your private information. 

What is happening? Nasty netizens send emails claiming to be from legitimate organizations and ask you to click on links to fill out online forms, view statistics, and follow the news. 

Google reported that it is currently blocking 18 million COVID-19 related scam emails per day and that doesn’t include the more than 240 million spam messages launched at Gmail users that try to capitalize on the coronavirus crisis. In a blog post Neil Kumaran, Product Manager for Gmail Security, and Sam Lugani, Lead Security PMM, G Suite & GCP platform, outlined the types of attacks they’re seeing and blocking.

The WHO?

As hackers adjust their tactics to exploit the COVID-19 situation, there is an increase in reports of phishing emails impersonating organizations such as the World Health Organization (WHO) and the Center for Disease Control and Prevention (CDC).  Being a trusted source of information during the COVID-19 pandemic, the World Health Organization is used heavily by spammers trying to target people impacted by the disease. Spammers try to trick users into action by spoofing emails that appear to be from the WHO.  If the email sounds too good to be true (“New COVID-19 Cure”) it likely is a spam or worse, a phishing email.

The World Health Organization (WHO) is commonly spoofed during this COVID-19 lockdown. Note the spelling of their name – it is “Organization” vs. “Organisation” which we’ve seen in reports of spoofing emails. The legitimate WHO url is https://www.who.int  vs. www.who.com which is also commonly used in phishing messages.

Tips to avoid fraudulent messages

Here are some tips for avoiding messages aimed at email identity theft and fraud:

  • Check the website address, email address, and links. Inspect the URLs for web links by hovering over the link or email address to see where it leads.  If you see a bogus address, mark the email as SPAM and DELETE the message.
  • Look out for grammar and spelling mistakes.  If an email includes punctuation, grammar, and spelling mistakes, you’ve probably received a phishing email.  Mark it as SPAM and DELETE it!
  • Beware of the urgent demand for action. If an email demands urgent action from you, chances are it’s not legitimate. 
  • Don’t download files from unfamiliar email addresses.  Avoid opening attachments such as PDFs or other files that promise vital information and needed forms, but often have malware that will infect your computer.
  • Don’t send unencrypted email. Unencrypted email can be intercepted, and sensitive data can easily land in the wrong hands. Use StartMail for encrypted email!
    We have a support article if you want to learn more about StartMail’s email encryption.

During the COVID-19 pandemic, remember to protect yourself and your email! Try StartMail and keep your email private!