The coronavirus pandemic is starting to reach epic proportions as I write this. With multiple countries now in enforced lockdowns and the global death toll in the tens of thousands, people are understandably afraid, which makes them more vulnerable to scams and exploitation. One of the biggest threats comes in the form of coronavirus phishing emails. Your inbox is going to be filled with plenty of messages that have to do with the pandemic. Some are going to be legitimate and important, and others are going to be malicious. Here's how you'll know which is which.
Let's get some basics out of the way first. If you don't know what a "phishing" email is, let's clear that up. These emails are designed to get information from you that can then be used to either scam you or someone else. They are different from other scam emails where the scammers try to get money from you directly. You know the sort. Those 419 scams where a prince or politician asks you for a little money now to unlock a fortune later.
Phishing emails are often disguised as official emails from institutions or companies many people deal with. A common one is a fake email from your service provider telling you to reset your email password. If you click on the provided link it will take you to a fake website and if you enter your credentials they are stolen. Using those details, perhaps combined with another scam such as a SIM swap, the scammers take control of your account. Which is where the real havoc begins. Sometimes the information could be social security numbers or other information that can be used as social engineering tools or to get around security questions. Either way, phishing emails are a nasty tool that fools a large number of people.
Coronavirus phishing emails are especially nasty because they make use of fear and desperation around both the disease itself and its effects. There are many aspects of the current pandemic that can be exploited to this end. Obviously I can't name them all and some are yet to be invented, but we can try and come up with a few good examples.
Since various governments have made pronouncements on the possibility of financial aid for their citizens and businesses, it's an obvious phishing target. So you might get an email telling you that there's some government money coming your way. Many people are also waiting on test results for the disease, so phishers may try to catch some of these as well. Other emails may be more punitive, saying that you're being fined for violating lockdown or something similar.
The point is that there are many ways you can spin this crisis into something that can be used in a phishing scam. If we can agree it's a threat, then let's talk about how to spot these nasty emails.
There are no universal templates for a phishing email, but there are some telltale signs:
In really good phishing emails, none of these may be true, but most of the time there will be something obviously suspicious about the email.
The same general rules apply to coronavirus phishing as to the normal sort. The number one rule is don't click on links in unsolicited emails. Always navigate to the real, legitimate website yourself before entering credentials.
Never hesitate to verify information with a company or institution by going to their official site, their official verified social media or by giving them a call. If you are being asked to provide personal, sensitive information it's better to use another channel to confirm that the request is legitimate.
If you were not expecting the email and can't find third-party confirmation of its legitimacy, just delete it. Don't reply or engage in any way. If you have a way to report the email as phishing or spam, go ahead and do that too. You'll be protecting others from being attacked this way and perhaps fooled.
There is a long list of scams emerging thanks to the coronavirus pandemic. This means getting sick is not the only way in which this global crisis might hurt you. There are scams, disinformation campaigns and of course coronavirus phishing attempts to contend with. It's a heavy burden to both stay healthy and keep the scams at bay. Unfortunately, we all have to do our best on both fronts.