COVID-Security | website

Top 4 COVID-19 themed attacks and how to avoid them:

Email Phishing – emails are being sent that claim to be from the World Health Organization, U.S. Center for Disease Control, Department of Health and Human Services, Homeland Security and various international agencies. These emails contain a variety of links and malware transmission methods.

How to stay safe:

Try to NEVER click on a link in ANY email, if possible. If you must click the link, rest your mouse over the link (without clicking) to see where the link leads. Verify that the site name makes sense.
Think before you click! Ask yourself:

- does it make sense (would the WHO be sending you email? Probably not)

- does it look right? If you were waiting on an email from your bank regarding the PPP program, check the email carefully to see where it came from (info@citibank.com and info@citibank.c.com look a lot alike), check for spelling and grammar errors, etc. If you are in doubt, call the sender.

If you receive spam or phishing emails, don’t just delete them. Instead, right click and mark as Junk or block sender. This will prevent that sender’s email from coming to your inbox.

2. Malware from web browsing– many people are home with time to browse the Internet looking for products such as hand sanitizer, face masks or just additional information on the coronavirus. Malware can be delivered to your device, even if you don’t click on anything on a website.

How to stay safe:

Any website or site advertisement for information related to COVID-19 or Coronavirus should be viewed with suspicion. If you are browsing the web looking for information, be very cautious about which information sources you select.
If you don’t recognize the name of the site, don’t go there.
Clicking advertisements, even on webpages that you do trust, can also lead to bad results. If you see an advertisement or link to another article that you find interesting, remind yourself that these items are called “Clickbait” for a reason. Until recently, the “bait” might be a headline such as “Learn the one food to avoid belly fat” or “You won’t believe how this 70’s actor looks today”. Now the bait headlines are things like “Learn who unleased the Coronavirus and why” or “Doing this one thing every day will protect you from COVID-19”.

3. Malicious Software related to communications - With so many people working from home, communication platform software such as Zoom and Microsoft Teams have become favorite names for threat actors to use when sending phishing emails. Emails that include attachments with names like “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” are designed to trick people into downloading malware on their devices.

How to stay safe:

Any email attachment should be avoided. Don’t save it, don’t run it.
If you need the application, go get it from the actual website.

4. Social Media Scams and Clickbate – Sorting through fact vs opinion or conjecture is extremely difficult for anyone. A perfect storm of social media platforms like Facebook and Twitter combined with a lack of skepticism and fact checking has produced innumerable examples of disinformation, scam and clickbate posts in social media. Some people have acted on these inaccurate posts, causing harm to themselves and others. For example, there are dozens of Facebook pages originating in Kosovo which hype American-themed posts with inauthentic and often inflammatory content. Some of these Facebook groups run scam promotions such as “free groceries”. There are upwards of 2 million Americans who follow these groups.

How to stay safe:

The best tool is extreme caution. Think about the image, video or claim you are looking at. Who created the post and why - what do they get out of it?
Try to evaluate whether it is likely to be true; check Snopes.com for detailed information.
Do NOT forward or repost information if you are not absolutely sure it is true.