How to Stay Safe Online During the COVID-19 Outbreak

Malicious Coronavirus Emails

Scammers are sending emails while posing as various professional health organizations such as the CDC and the World Health Organization. Most of these emails are known as phishing emails, which are used to lure the receiver to click a malicious link. These links often impersonate other websites like banks or other accounts. The fake websites prompt you to log in or enter credit cards information. The consequences of handing this information over a malicious site can be crippling. Other links may send you to websites that install Malware onto your computer.

How to Spot COVID-19 Scams in Your Email

The number one rule of thumb is to always be cautious. Therefore, never immediately click a link or download attachments from ANY email. You want to be 100% sure of its authenticity. Here is how to tell if an email is a legitimate and avoid COVID-19 scams:

1. Check the sender’s email address
   If the sender’s email address does not end with the company’s domain (for example, an email from the CDC would look something like email@cdc.gov), it is almost always a sure sign of spam. Flag the email and trash it. If it does match, that is a good sign. However, it is possible for hackers to spoof emails to look like the real thing, so check for the next things as well.
2. Look for typos and grammar mistakes
   Professional emails are usually read by a few pairs of eyes internally before it gets sent out to the public masses. This means typos and grammar mistakes are generally caught before the email hits your inbox. Scam emails are often written by one person. Additionally, it is not uncommon for the emails to have poor English translations if its origin is international. If you notice any typos or grammar mistakes, it is best to flag and trash the email.
3. Check the destination URL of any links
   Hyperlinks allow the sender to type whatever they want and have that text link to any website on the web. This means that just because you see a link to a website, doesn’t mean your destination will be that website. This is one of the main ways hackers obtain your information. To check the actual destination of a link, hover your mouse over it and you should see the revealed URL somewhere in your email program or browser.

   Test this by hovering over this link to the CDC’s website: https://www.cdc.gov/coronavirus/2019-ncov/
   As you can hopefully see, this actually links to our homepage. Refrain from clicking any link that will not bring you where you’d expect. Remember that this method of link checking works on hyperlinked images and regular text as well. If you receive a notice, you can always call your vendor directly to check on a notice or browse out directly to the vendor’s website instead of clicking on the email’s link.

Working From Home

If you are working from home or have employees working from home, you may be leaving sensitive information vulnerable. Hackers are targeting more and more people working from home in hopes to gain corporate information. Keeping yourself and your team informed on the email information above can tremendously minimize the risk of a data leak.

Another thing to do is to provide legitimate resources for employees to go to if something goes wrong. Whether it’s your internal IT department or the Microsoft help desk, giving a direct resource minimizes the chance of being baited by fake tech support.

Lastly, make sure you and your team have secure WiFi network and have changed the default password on their router. You will be off the secure work network, so double check that you are not leaving yourself to potential risks.

Stay Safe

Being vigilant is the best way to stay safe. If you’re unsure about an email, asking for a second opinion is better than taking the risk. Run it by a colleague, or contact Appletree with any questions. We can provide tech support and help you identify suspicious emails or web pages.