Online scammers are deploying elaborate email phishing schemes to exploit COVID-19 fears and confusion.
Some of the bogus emails have subject lines referring to COVID-19 testing, treatment or transmission. Some refer to stimulus checks or Paycheck Protection Program money. Others impersonate legitimate health organizations.
“Security researchers have identified multiple phishing scams in which attackers pose as authorities like the Centers for Disease Control and Prevention or the World Health Organization in emails, offering information about the virus in order to trick victims into downloading malicious software or handing over their login credentials,” writes Aaron Holmes for Business Insider.
Never before have any of us experienced a crisis quite like this. But you don’t have to go through it alone if you’re insured with Lawyers Mutual. We’ll do our best to keep you up-to-date, safe and successful during the pandemic. We stand with North Carolina lawyers. It’s what we’ve been doing since 1977.
Three Variations of Phishing Scam
Scam #1: The email says COVID-19 has spread to the recipient’s geographical area and instructs the recipient to enter their email password for more information.
Scam #2: The email raises a similar alarm and tells the recipient to click on a link that takes them to a bogus Microsoft Outlook website, where their credentials are stolen.
Scam #3: Similar to above, but the recipient is taken to a bogus World Health Organization website, where they’re asked to enter their email password to receive “safety measures” about the coronavirus.
5 Ways to Protect Yourself
Here are some steps to thwart the scammers, courtesy of Business Insider (quotes are from Aaron Holmes).
- Check the sender's email domain. See if it matches the website of the organization they purportedly work for. Then check the URLs included in the email. “In [a] scam documented by Trustwave, the scammer purports to be from the CDC, but uses an email from a domain other than cdc.gov and includes misleading links that lead to a different site when clicked.”
- Don’t trust login pages with unfamiliar URLs. “The malicious link in this scam directs users to a fake Microsoft Outlook login screen to steal their credentials — the unfamiliar URL is a tell.”
- When in doubt, copy and paste URLs into your browser rather than clicking hyperlinks directly. “In this case, when the misleading URL is copied and pasted from the email instead of clicked, it shows that the page doesn’t actually exist.”
- Don’t give in to scams that make you feel pressured to act quickly. “Scammers highlight the language of emergencies to make victims act more quickly. The WHO has urged people to resist giving in to panic and to think twice about whether an email looks legitimate. If the information is supposedly public, there’s no reason to submit login credentials in order to see it.”
- If you disclose sensitive information, change your passwords. Now. “HTML on a fraudulent site reveals how credentials are sent to an external source as soon as victims enter them. Don’t panic if you believe you’ve already given your login credentials to a fraudster — change all your passwords to online accounts now, and set up multifactor authentication whenever possible.”
Have you received a COVID-19 phishing email? How did you handle it?
Lawyers Mutual is the only legal professional liability insurance company that has been protecting North Carolina lawyers continuously since 1977. Our motto, “Here Today, Here Tomorrow,” is more than a tagline. It’s our commitment to the lawyers in this state.
Jay Reeves practiced law in North Carolina and South Carolina and is author of The Most Powerful Attorney in the World. He helps lawyers and firms improve their well-being and create a saner, more successful Law Life. He is available for talks, presentations and confidential consultations. Contact firstname.lastname@example.org or 919-619-2441.