Help your users spot Covid-19 phishing emails

As the Covid-19 pandemic rises scammers are now using the fear of the public to capitalize by using a method of email phishing to steal money and data.

World Health Organisation Advice

 There has been a growing confusion around the next steps to take, scammers can slip through the cracks. Health advice emails, advising people to sign up to doctor and fake links to “safety tips”.

Some emails are even claiming to have found a cure for the virus! As of yet, (13th March 2020) there is no vaccine so these emails should be deleted immediately.

To verify that an email is legitimate contact the World Health Organisation directly, and flag the phishing email as fraud if it is so to help others avoid making the mistake of giving these scammers their details.

The World Health Organisation has recommended to check the original email address to make sure it is a legitimate email, look closely- scammers will create emails as close to the WHO email as possible, so note any small inconsistencies.

The World Health Organisation has published the following checklist to make sure that you should refer to when assessing whether you have received a phishing email.

World Health Organization provided the following advice and will never ask the following:

  • They will never ask you to login to view safety information
  • They will never email attachments you didn’t ask for
  • They will never ask you to visit a link outside of www.who.int
  • They will never charge money to apply for a job, register for a conference, or reserve a hotel
  • They will never conduct lotteries or offer prizes, grants, certificates or funding through email
  • They will never ask you to donate directly to emergency response plans or funding appeals.

Scammers will be using emails, websites, phone calls, text messages, and faxes. 

Many of these emails are pretending to be charitable causes, asking for donations to help research the virus! They are also pushing malware to have you download a file and then infecting yourself with ransomware. An example of a phishing email looks like the below: 


 

Some common tip-offs that an email is phony are typos, grammatical mistakes, awkward language, missing words, extra spaces, and other signs that the email was written unprofessionally. Such emails might also ask you to look at an attachment or click a link and then give your personal information on a Web page or in a form. Or the sender’s email address might look suspicious. If you hover over the links you can even see that it would not direct you to legit URL.

Leave a Reply