How to Stay Safe Online During the COVID-19 Outbreak
The COVID-19 outbreak has taken the world by surprise. In these unprecedented times, it is important to know who you can trust. Unfortunately, there are some people who are looking to benefit off of the grief and anxiety of others. COVID-19 scams are running rampant right now. We’ve outlined how to stay safe online during the COVID-19 pandemic.
Malicious Coronavirus Emails
Scammers are sending emails while posing as various professional health organizations such as the CDC and the World Health Organization. Most of these emails are known as phishing emails, which are used to lure the receiver to click a malicious link. These links often impersonate other websites like banks or other accounts. The fake websites prompt you to log in or enter credit cards information. The consequences of handing this information over a malicious site can be crippling. Other links may send you to websites that install Malware onto your computer.
How to Spot COVID-19 Scams in Your Email
The number one rule of thumb is to always be cautious. Therefore, never immediately click a link or download attachments from ANY email. You want to be 100% sure of its authenticity. Here is how to tell if an email is a legitimate and avoid COVID-19 scams:
- Check the sender’s email address
If the sender’s email address does not end with the company’s domain (for example, an email from the CDC would look something like firstname.lastname@example.org), it is almost always a sure sign of spam. Flag the email and trash it. If it does match, that is a good sign. However, it is possible for hackers to spoof emails to look like the real thing, so check for the next things as well.
- Look for typos and grammar mistakes
Professional emails are usually read by a few pairs of eyes internally before it gets sent out to the public masses. This means typos and grammar mistakes are generally caught before the email hits your inbox. Scam emails are often written by one person. Additionally, it is not uncommon for the emails to have poor English translations if its origin is international. If you notice any typos or grammar mistakes, it is best to flag and trash the email.
- Check the destination URL of any links
Hyperlinks allow the sender to type whatever they want and have that text link to any website on the web. This means that just because you see a link to a website, doesn’t mean your destination will be that website. This is one of the main ways hackers obtain your information. To check the actual destination of a link, hover your mouse over it and you should see the revealed URL somewhere in your email program or browser.Test this by hovering over this link to the CDC’s website: https://www.cdc.gov/coronavirus/2019-ncov/
As you can hopefully see, this actually links to our homepage. Refrain from clicking any link that will not bring you where you’d expect. Remember that this method of link checking works on hyperlinked images and regular text as well. If you receive a notice, you can always call your vendor directly to check on a notice or browse out directly to the vendor’s website instead of clicking on the email’s link.
Working From Home
If you are working from home or have employees working from home, you may be leaving sensitive information vulnerable. Hackers are targeting more and more people working from home in hopes to gain corporate information. Keeping yourself and your team informed on the email information above can tremendously minimize the risk of a data leak.
Another thing to do is to provide legitimate resources for employees to go to if something goes wrong. Whether it’s your internal IT department or the Microsoft help desk, giving a direct resource minimizes the chance of being baited by fake tech support.
Lastly, make sure you and your team have secure WiFi network and have changed the default password on their router. You will be off the secure work network, so double check that you are not leaving yourself to potential risks.
Being vigilant is the best way to stay safe. If you’re unsure about an email, asking for a second opinion is better than taking the risk. Run it by a colleague, or contact Appletree with any questions. We can provide tech support and help you identify suspicious emails or web pages.
Common Email Scams to Lookout For
As technology progresses, we’re finding new ways to do things better. One downside of this is, that also means scammers are finding new ways to do things better. Here is some spam to look out for.
Sextortion Email Scam
One scam that was popular last year had the scammer proclaiming that an amount of money (usually ranging from $600-$3000) in Bitcoin is enough to destroy video that they supposedly have of you. The scammer sometimes even supplies a password of yours within the email. They then threaten to release webcam video of you viewing pornography to your family, friends, and colleges. At this point, you may be nervous.
Here is an example of this scam:
What should you do?
If you’re still using the password they put in the email, you should certainly change it. Do not respond to scammers ever, just report the email and delete it instead.
Various Phishing Scams
If you haven’t heard of phishing yet, you’re probably at a higher risk of falling for it.
Phishing is a “bait” scam method (hence the relation to “fishing”) where scammers will have an imitation site that strongly resembles the real thing. It takes is a split second for them to get you. From adding a malicious extension to typing in billing information to a “failed transaction” from a fake Amazon, these scammers will pretend to be pretty much anything to get your money from you.
Here is an example of phishing (extremely authentic looking):
What should you do?
If you get an email that contains an external link, don’t click it right away.
– Double check who the sender is. Sometimes this can be a giveaway. Don’t recognize the email? Doesn’t look real? Don’t click the link.
– Use a website like https://www.urlvoid.com/ and paste the link that was provided. It will tell you the destination of the link. If anything..phishy.. comes up, don’t follow through. The link given to you in the email should be the same website as the destination.
– If nothing else, it’s better to be on the safer side. Never provide any information to a link you’re at all suspicious about.
These are emails or texts from a fake lottery company saying that you won a lot of money or very valuable prizes out of nowhere. They will tell you that there are fees and/or taxes that have to be paid before your prize can be released to you.
Here is an example of a lottery scam:
What should you do?
Simply report and delete the email. Remember that you can’t win something you didn’t enter to win.
Hallmark eCard Scam
This scam would be an example of phishing, and it comes and goes pretty frequently. It’s a fake Hallmark email that is extremely real looking. If you click the link within the email to open the supposed eCard sent to you by a “friend”, a virus will launch and install malware onto your computer.
These emails will look just like Hallmark eCards.
What should you do?
Don’t click hyperlinks without knowing the destination. Attempt to verify the eCard on Hallmark’s website directly instead of clicking the link. Report and delete any unauthentic emails.
This scam would be terrifying for any victim unfamiliar with how internet scams work. Scammers here give you the option to live or die if you do not pay up. They claim a “friend” of yours gave them a lot of money to end your life, but they are giving you a chance to save it for a price ranging anywhere from $1000-$100,000.
Here is an example of the hitman scam:
What should you do?
If you notice an email like this in your inbox, delete it without even opening it. Read below to learn where to report scams.
There are ways to keep yourself protected from scams. The most important thing is to know. Don’t believe everything that comes through your inbox and do your research.
How scammers get your information?
The scammers likely retrieved your email (and possibly an old or current password) from a database of leaked information that was obtained during a breach. To check and see if your email is associated with any data breaches, head to haveibeenpwned. You can type your email in and it will tell you if it’s ever been compromised. Also during which exact breach. Be sure to change your password if you haven’t since the last breach you were involved in.
What to do with spam
If obvious spam ever does come through your inbox, just delete it without opening it. A lot of scam emails contain what is commonly called a “pixel”. This acts as a read receipt. It will tell the scammer that the email was opened. It can also supply them with other information, such as:
- Browser you’re using
- Operating system
- IP Address
- The exact time the email was opened
Thankfully for us, there is a program that can tell us whether or not an email is being tracked. It’s called Ugly Email. It makes an eyeball appear next to the subject of any email that is being tracked. The slight downsides of this are that it’s only for Gmail and is only out for Chrome and Firefox at the moment. If you fall under the criteria, this can be a really useful tool.
You can help eliminate a popular scam by not only reporting it to your email provider, but to the IC3 as well. They are a branch of the FBI that deals with internet crime. Make sure to file a complaint for scams you may get – especially reappearing ones.
Court Notice Scam
“Court Notice” Mail Scam
One of the more alarming new scams going around involves court notice emails prompting the user to open an attachment.
Lets take a look at the especially scary-sounding court notice scam to learn how to identify it, and avoid becoming a victim to this and other email scams like it.
It Says I Need To Go To Court!
This piece of spam arrived in a client’s email box to inform him that he had to appear in court.
The email did not explain why. It didn’t include any information on how to contact the court. It didn’t even mention a name.
It did, however, have an attachment.
When the attachment was opened the antivirus software kicked into gear, giving a malware warning.
How You Can Tell This is Spam
There are a few things to watch for in suspicious emails; this one avoids some, but hits on others.
- What Is it? Would you be receiving this as an email? A notice to appear in court is a formal affair. You would receive a letter by mail, not just an unclear email with no name. And you generally opt in to receiving important correspondence through email anyway.
- The Recipient: In this case the email is being sent to an info@ email that is not addressed to any one person.
- The Sender: Check the sender’s address to see if it is consistent with what you would expect from a court email. In this case it is ambiguous; in some, it’s an obvious fake.
- Grammar: Are there typos, or is grammar terrible? In this case there are no typos and grammar is solid, but a lot of spam can be identified by grammar.
- The Attachment: The attachment is the big warning. In most notices a word document would suffice (even if they are not inherently safe). In this case a zip file is sent. Zip files can easily contain EXE files, programs that can put malicious software on your computer.
- Antivirus: Clicking on the file triggered the antivirus and told the user that malware was trying to infect his computer. He was lucky – software may not always catch everything, and opening attachments is not advisable.
[alertbox color=”yellow”]Always have some form of antivirus software on your computer, and make sure it’s automatically updating. [/alertbox][space10]
What can you do?
- Mark Them As Spam: This may teach the email client that emails of this sort are no good. In the future they might go straight to the spam box.
- Antivirus: Everyone should have some kind of antivirus software on their computer these days, with no exceptions. Windows 8 comes with its own antivirus software, and anything older has plenty of options. Make sure your computer has one, and that it’s automatically updating.
- Call the Agency: If there is no agency, like this email? Odds are pretty good it’s a spoof.
- Don’t Respond: Responding to the email just tells the sender that your email address is ‘live’ and can be put on other spam lists.
Be aware of similar email and phishing scams:
- FedEx/Shipping Scam – These inform you that there is a problem with your delivery and that your shipping label is attached. The label is a zip file. Don’t open the zip file. If you are expecting something go to your original tracking mail or the website. If you aren’t waiting on a package? Disregard.
- Friends in Distress – These scams may use a friend’s email or name to alarm you into thinking they are stranded somewhere and need help or money. Contact your friend directly to see if this is a scam.
- Spear Phishing – This is one of the phishing scams that may target your organization or you as an individual and appear to be from a trusted source. It uses your name and sounds personal. The trick here is to be careful of your private info, and if something sounds suspicious, contact the presumed sender to confirm.
Email scams are not going away. The more you educate yourself on how to spot them and what to do about them, the less likely you’ll be to fall for them when distressed and alarmed.
[alertbox] Want to know more about email and internet scams? Visit our articles on Paypal Phishing, Domain Slamming, Ransomware, Energy Bill Service Scams, and Facebook Password Scams. [/alertbox]
Facebook Password Reset Scam!
Scam of the Day: Facebook Password Reset Scam
Many of the phishing scams you may see in your mailbox are designed to alarm you into clicking, but look genuine enough at a glance so you don’t look that close. In a rush to fix things and at a cursory glance, you just click the links and do as instructed. Today’s phishing example, the Facebook Password Reset Scam does just that. And it’s rather sneaky about it.
The email in question claims to be from Facebook and the subject simply says “Facebook password change.” Then comes the familiar blue Facebook header and the name.
The message gives cursory information with little detail and instructions you to click on a link and fill out a form in order to restore your password.
The Facebook Reset Scam:
This is a traditional email scam designed to get you to click on the link. The link does not go to Facebook. Instead, clicking either sends you to a form to submit private information, or the link may lead you to a site that will put malware on your computer.
How to Know:
This email is tricky and easy to mistake for the real thing but there are a few details to look for that can tip you off to understanding this is a scam.
1. Hover your mouse over the email link after “From”. In this case it claims to be from Facebook. Hovering over the blue link with your mouse turns up something different: At the bottom of your screen, you see that “@armcandys.co.uk” is the domain from the provided email, not Facebook!
2. Hover your mouse arrow over the other link in the email, “this form”, the one you are instructed to click on to reset your password. Instead of clicking, look again at the provided URL. In this case, we have an entirely different and unknown URL.
3. Often, social media, banks, and other sites that you have an account with will greet you by the name you have signed up through them with. It is uncommon that you will receive a serious piece of correspondence without any indication as to who the email is addressed to.
What To Do:
If you get an email like this and you’re not sure if it’s real or a scam, there are a couple ways to follow up.
1. Do NOT click on the link and follow instructions. Instead, go to your browser, type in the proper URL to the real site and see if you can log in. If you have no problem logging in, then your password has not been reset.
2. Ignore and delete the phishing email.
3. If you would like to follow up on it further, go to the Facebook website and see if they have any information on phishing. They may ask you to send a copy of the scammy email, and give you further instructions on what to do.
Scams of this nature, and phishing emails in general, tend to revolve around surprise and fear, operating under the assumption that the user will click and act without thinking.
We here at Appletree Mediaworks will continue to keep you informed on the nature of these scams so when one of them lands in your mailbox, you are better informed, can stop and think about what you are seeing, and be much better prepared.
[alertbox] Want to know more about email and internet scams? Visit our articles on Paypal Phishing, Domain Slamming, Ransomware, Energy Bill Service Scams, and Court Notice Scams. [/alertbox]