Cybersecurity during the shutdown: Email phishing
Ever since the dawn of (digital) time, phishing schemes have plagued anyone who has an email address. Phishing is when scammers send you an email with a malicious link, hoping to lure you into clicking on it and opening your computer up to a security breach or virus. Recently, cybercriminals have been taking advantage of fears around the coronavirus (COVID-19) pandemic and sending emails that look legitimate—but aren’t.
The trouble is, there are many truly important emails circulating these days—from financial institutions, schools, businesses and employers—that contain critical information about closures and cancellations. So, how can the members of your organization tell the difference between a legitimate email and a scam?
Check the email address carefully.
Try hovering your mouse over it, which will reveal the full address. Scammers often will use a close approximation of the real site or email address. For example, one scammer used the email address CapitalOne@online.com, when the company’s real emails always come from the email@example.com.
Verify suspicious emails.
Some scammers have used organization leaders’ names to solicit gift cards from people who trust them. In these days of uncertainty, people might be more willing to believe that someone they know would ask for financial help — for themselves or a charity. When in doubt, pick up the phone and call the person who supposedly sent you an email.
Keep malware and antivirus software up to date.
This type of software can help protect you even if you happen to click on a corrupt link. Run full scans of your computer regularly.
Don’t click on unfamiliar emails. Take a moment to think before clicking on strange links in those emails. If you don’t take any actions, cybercriminals won’t be able to hack into your computer to install viruses or steal your personal information.
Don’t respond to emails claiming to be about the anticipated federal government economic impact payment.
The government will not ask you to pay any money, share your Social Security number or submit any bank information. One red flag: any email that refers to the payment as a “stimulus check.” The official term is “economic impact payment.”
When in doubt, delete the email.
Cybersecurity training materials available
Get FREE access to cybersecurity training materials today by contacting Risk Control Central at (800) 554-2642 (Option 4) Ext. 5213 or firstname.lastname@example.org.