This is a re-sharing of an article I created for LinkedIn about a week ago that has only continued to gain more relevance. I hope that as information spreads we can limit the havoc that these bad actors continue to unleash.
I'm seeing a lot of phishing emails around COVID-19 / the coronavirus. It's disappointing but expected that cybercriminals know that we are looking for information and answers to guide us through the confusion, anxiety, and uncertainty of what to do next. Be careful not to become a victim of these honed phishing campaigns around some "COVID-19 update" or "current coronavirus news". The last thing a small business needs right now is to lose files or financials to these kinds of people, so here are a few quick tips.
1) Be especially wary of emails pretending to be from the CDC, WHO, or other government agencies. Try to find the information by searching for it on their website rather than clicking links emailed to you. Even links whose visible text looks valid may be hyperlinked to a completely different location when followed.
2) Keep an eye out for spelling errors and inconsistencies in the subject line and the from line (or domains that don't look legitimate). Read the entire email address to ensure it's coming from the source you think it is. There are cases of cybercriminals pretending to be internal HR members and directing staff to click a link to view updated policies; staff who click are instead directed to a malicious website.
3) Do your homework before donating to a cause. We're at our best when we decide that we will pull together to support each other in trying times, but some will look to take advantage of that instinct.
Ars Technica put together a great article that's worth a read as well; I've linked to it here. Or better yet, maybe search "ars technica covid 19 phishing" and start practicing Tip #1 now!
Stay safe out there, in every way possible.