Phishing Scams: A Side Effect of the Coronavirus

The world is going through some trying times right now, with the coronavirus affecting the economy and the lives of people in an unprecedented way.

Among all this chaos, there are a few people who want to take advantage of the situation for their own selfish, malicious purposes. This is most commonly carried out through phishing techniques, and it’s something to keep an eye out for, as it could lead to large-scale data breaches.

As an individual and as a company, it is important to understand the harm phishing can do.

Phishing is a serious cybercrime in which an individual pretends to be a legitimate institution and asks users for sensitive data such as passwords, credit card numbers or account details. This is usually carried out by email, telephone, SMS or social media websites.

Falling victim to a phishing attack can cost you sensitive data and productivity, and leave a black mark on your brand image. The information stolen from you can then be sold to the highest bidder on black markets and the dark web.

The most important factor to consider about phishing attacks is the scale of the attack. These scams aren’t usually targeted at a single individual or a small group of people; they are carried out on a very large scale, affecting hundreds of thousands of people, a good percentage of whom may fall for the attack and leak sensitive information.

These attacks are most effective when carried out in times of economic crisis, such as now, as people are always looking for a helping hand to get them through these tough times. Little do they know that they’re facing the devil in disguise.

The most popular phishing scam in India right now uses fake emails that pose as the Indian government and claim to provide free COVID-19 tests and other resources. Eventually, the attackers end up stealing personal and financial information from innocent citizens. They can also convince you to download malicious files which could cause permanent damage to your systems.

According to the Indian Computer Emergency Response Team (CERT-In), the attack is being carried out by the North Korean hacker group Lazarus, and they have close to two million individual email IDs of citizens from major cities like Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad to launch the attack against.

The World Health Organization has also warned us about an international phishing scam targeted at an extremely large audience via fraudulent emails and WhatsApp messages, in which the attackers claim to be representatives of the WHO, ask for details like passwords and bank account details, and trick you into downloading attachments and opening malicious links.

Now that we know how phishing attacks can cause harm on a large scale, here are some ways to differentiate phishing emails from genuine ones.

  1. The easiest way to identify a phishing email is by checking the spelling of the sender’s name. For example, a malicious email can pretend to be from the Bank of America by spelling it as “Bank of Arnerica”. Notice that the ‘m’ in America is replaced with an ‘r’ and an ‘n’.
  2. Another indicator of a phishing email is that if you feel like it’s too good to be true, it probably is. If you receive an email from the WHO stating that the cure to the coronavirus has been found, but you don’t see anything on the news, you can confidently classify it as a scam.
  3. If you receive an attachment when you weren’t expecting one, there is a high chance it could be malware. Make sure you have a virus checker to verify it for you. If the file is too large, double-check the sender and don’t download it unless you’re sure it’s necessary for you.
  4. The same rule applies to hyperlinks. You can usually see the page a hyperlink redirects to when you hover over it. Make sure it’s not a malicious website. Some signs of malicious websites are misspelt URLs, URLs with random letters and numbers, absence of an SSL certificate, and multiple redirections and pop-ups.
  5. Also, closely examine the content of any email you receive. Generic greetings like “Dear Sir/Ma’am” which don’t include your name, and instructions to take some urgent action like clicking on a link or downloading an attachment could be indicators of a phishing scam.
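
Indicators 1, 4 and 5 can be checked mechanically, for example in a mail-triage script. The following is an added example, not part of the original article: the brand allow-list, the lookalike table, the indicator names and the sample messages are all constructed for illustration, and a plain `http://` link is used as a stand-in for "no SSL certificate".

```python
import re
from urllib.parse import urlparse

# Constructed allow-list (assumption): brand display name -> its real domain.
KNOWN_BRANDS = {"bank of america": "bankofamerica.com",
                "world health organization": "who.int"}
# Character sequences that imitate another letter ("rn" reads as "m").
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
GENERIC_GREETING = re.compile(r"^\s*dear\s+(sir|ma['’]?am|madam|customer|user)\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|act now|right away)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def skeleton(text):
    """Lower-case, collapse whitespace and fold lookalike sequences."""
    s = re.sub(r"\s+", " ", text.lower().strip())
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s

def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def phishing_indicators(display_name, from_addr, body):
    """Return the sorted indicator names that fire for one message."""
    found = set()
    name = re.sub(r"\s+", " ", display_name.lower().strip())
    sender_domain = from_addr.rsplit("@", 1)[-1].lower()
    for brand, domain in KNOWN_BRANDS.items():
        if name != brand and skeleton(name) == skeleton(brand):
            found.add("lookalike-sender-name")       # indicator 1
        if name == brand and not under(sender_domain, domain):
            found.add("brand-name-wrong-domain")     # indicator 1
    if GENERIC_GREETING.search(body):
        found.add("generic-greeting")                # indicator 5
    if URGENCY.search(body):
        found.add("urgent-call-to-action")           # indicator 5
    for url in URL.findall(body):
        parts = urlparse(url.rstrip(".,)"))
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() != "https":
            found.add("link-not-https")              # indicator 4
        for domain in KNOWN_BRANDS.values():
            # Misspelt URL: only matches a real domain after folding lookalikes.
            if not under(host, domain) and under(skeleton(host), skeleton(domain)):
                found.add("lookalike-link-domain")   # indicator 4
    return sorted(found)
```

A message that trips none of these checks is not proven genuine; the result is a reason to look closer, not a verdict.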

The best way to avoid being a victim of phishing scams is simply to use good observational skills and common sense.

Always read emails carefully and watch out for any of the phishing indicators listed above. A phishing email can usually be distinguished from a genuine one quite easily. Don’t rely entirely on the information you receive via emails, especially health data. Refer to legitimate websites like the official website of the World Health Organization for updates and information regarding the pandemic.

Remember that organizations such as banks will never ask you for your account details via email or phone; so there’s no need to reveal any of that information online. Be careful about the websites you visit and don’t feel obliged to reveal sensitive information.

The internet is just a virtual world after all.

Be smart, and be safe!


Originally written for Wattlecorp Cybersecurity Labs at https://www.wattlecorp.com/phishing-scams-coronavirus-side-effect/



