Protect your cyber-health

GEHA | May 17, 2020

COVID-19 cybersecurity
Avoid emails that attempt to steal your personal information.

Groups of bad actors are using the COVID-19 pandemic as a way to ramp up their cyber operations. They often pretend to be trusted entities and use coronavirus-themed emails to lure you into sharing your personal information.

These emails may encourage you to visit a website and enter information such as your username and password, credit card information or other personal information. 

The subject lines of these emails may entice you to subscribe to coronavirus updates or register to receive a health benefit payment. Clicking a link in the email will take you to a website that looks like one you may trust and include a password entry form or a request for bank account information in order to make a deposit to your account. These sites are not legitimate and often the only way to notice that the site isn’t real is by examining the website URL. Once you share your information, the criminals who run the site will use this information to gain access to your online accounts such as your email inbox or financial accounts. 

This problem has worldwide impact. That’s why the U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint alert sharing information on what to look for and how to protect yourself. 

According to the NCSC, here are some tips for spotting a harmful email:

  • Authority – Is the sender claiming to be from someone official (e.g., your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
  • Urgency – Are you told you have a limited time to respond (e.g., in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
  • Emotion – Does the message make you panic, fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or attempt to tease you into wanting to find out more.
  • Scarcity – Is the message offering something in short supply (e.g., concert tickets, money, or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.

The joint alert also includes tips on what to do if you have already clicked a link.


Sources:

“COVID-19 Exploited by Malicious Cyber Actors” us-cert.gov, National Cyber Awareness System, 8 April 2020.
“Phising Attacks: Dealing with Suspicious Emails and Messages” ncsc.gov,uk National Cyber Security Centre, 17 December, 2018.