We’ve often talked about the warning signs of phishing and how to dissect phishing emails. However, phishing emails grow more sophisticated as hackers get better. During the COVID-19 pandemic, scammers are using fear and taking advantage of people working from home to attempt more aggressive and tricky phishing attacks.
KnowBe4 recently wrote about such an attack where the scammer poses as the “Johns Hopkins Center” and offers information about US COVID-19 deaths—specifically, a spreadsheet with a list of people who have died in the US from the coronavirus.
Does this sound strange and too good to be true? Good. It should. In fact, if you sensed something wrong with this information, you’re ahead of the game.
Unfortunately, many people get tricked by such phishing emails because they look legitimate and seem to provide interesting, useful, and timely information. Let’s look at the advanced warning signs in such a phishing email scam.
Whether it’s the “Johns Hopkins Center” or the White House or your bank, ask yourself why a credible source singled you out with such an email. Instead of posting something to their website or telling media outlets, why would the Johns Hopkins Center send you an email with such information?
Obviously, credible sources will send you legitimate emails. How do you tell the difference? A few ways to vet such emails include:
If in doubt: Contact the source directly to see if the email is legitimate.
You might say, “Wow! A list of people in the United States who have died of COVID-19! But wait…wouldn’t that break healthcare privacy laws? Wouldn’t the media have reported it? And why would Johns Hopkins, a very respected university, be sharing such information? With me?”
Exactly the right questions to ask for this, or any, scam. Scammers try to entice you with “special” information or create a sense of unusual urgency with their message. Some questions to ask include:
If in doubt: Look up the information mentioned in the email or contact the source directly.
Whether it’s a PDF, a Word document, an Excel spreadsheet, or another file, an unsolicited email requiring you to open an attachment should be a major red flag. Only open attachments from senders you 100% trust. Attachments are how scammers deliver malware and viruses: you open what you think is a legitimate document when it’s actually an executable file that runs malicious programs on your computer.
If in doubt: Contact the person or organization who sent you the file to confirm they sent it. If still in doubt, contact your IT helpdesk.
Maybe it’s through an attachment, or maybe it’s through a website link. You get tricked or tempted and want the information the sender is providing you. Suddenly, you’re faced with a decision…
To read content from a trusted sender, you should not need to download software or enable some weird function in commonly used files that you’ve never enabled before. When was the last time you had to “enable macros” in a work document?
If in doubt: Ask your IT helpdesk about any requests for downloading software or enabling some technical function within a file. Only IT professionals, centrally managing your technology, should download and install software—not you.
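The two warning signs above, an attachment that is really an executable and a file that wants macros enabled, are checks an IT helpdesk can automate on a reported email. The Python below is an added example, not part of the original post; the sample message, file names and reason labels are constructed for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}  # macro-enabled Office formats

def has_vba_project(data):
    """True if a zip-based Office file embeds a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container (legacy .doc/.xls are not covered here)

def triage_attachments(raw_email):
    """Map each suspicious attachment name to the reasons it was flagged."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        reasons = []
        if data[:2] == b"MZ":  # header of a Windows executable
            reasons.append("executable-content")
            if ext in DOC_EXTS | MACRO_EXTS:
                reasons.append("document-name-mismatch")
        if ext in MACRO_EXTS or has_vba_project(data):
            reasons.append("macros")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed message: fake-spreadsheet executable, macro workbook, plain PDF."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("See attached.")
    workbook = io.BytesIO()
    with zipfile.ZipFile(workbook, "w") as zf:
        zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    for name, body in [("report.xlsx", b"MZ" + b"\x00" * 62),
                       ("list.xlsx", workbook.getvalue()),
                       ("agenda.pdf", b"%PDF-1.4 constructed")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_attachments(build_sample()))
```

A clean result from this check does not make an attachment safe; it only catches these two specific signs.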
Scammers are working harder than ever to trick you, and their scams grow more sophisticated. Don’t let them trick you. Make sure city employees receive regular training on the latest tactics that scammers use and share this post to help them spot key warning signs when they receive suspicious emails.
Original Date: 8/5/2020