As we protect ourselves from the continuing impacts of COVID-19 on our businesses, it is worth remembering that in addition to the threats posed by the virus, we are also increasingly at risk from scammers and hackers seeking to exploit existing cybersecurity gaps (and our general sense of panic) through various phishing and spear-fishing campaigns and malware scams.
At GridWay, we’ve seen a significant increase in phishing scam attempts this year.
Here are some COVID-19 phishing scam examples, targeting North American users:
- Delivery Notifications from Amazon or other online retailers.
- Callers pretending to be utility companies threatening to cut your power because you are behind in your bill payments. This is particularly confusing because some utilities are deferring payments in the crisis.
- Fake sites or emails requesting you to click to check on COVID-19 infection maps of your city or to see an updated list or status of your school.
- “Breaking news” and other fake information sites.
- Offers to sell you a list of names of your neighbours that are infected, or infected retail stores etc.
- Selling fake COVID-19 tests.
- Selling fake COVID-19 prevention drugs.
- Fake charity appeals, such as fake Red Cross masks for donation-based scams.
- Robocalls, with fake virus updates.
- Texts from fake “government agencies” requesting you to respond.
- Fake websites, soliciting money for a good cause, often using images of respected persons to lend credibility.
- Gift card scams, including emails with a gift card as a reward for working at home and all you have to do is click on the link to activate it.
- Fake airline refunds.
What should you look for to identify a potential phishing scam?
- A “from” email address that doesn’t look correct or consistent with the brand’s usual means of communication, or is a common non-corporate email @ address like Outlook, Google or Yahoo, or internet service provider like Rogers or Bell.
- Spelling, grammar, or formatting issues that would be unlikely from professional organizations.
- The sender does not have regular communication with you or is not a vendor you or your company uses.
- An unusually light amount of detail, with just buttons or links to click.
- The hyperlink target (hover over the link to view) goes to a domain that does not match the official domain of the sending company.
- Vague yet urgent wording in the email message encouraging you to open/download an attachment, like “Contract attached – needs your review today.”
Don’t feed the phishing trolls! GridWay is here to help you navigate these uncertain times with reliable and effective cybersecurity services and anti-spam solutions.
GridWay provides Security as a Service (SECaaS), Help Desk Services, Server Monitoring and Maintenance, Managed Malware Anti-Virus services, and a Total Protection Program that combines these services along with assessments with our experts.Share