Covid-19 and Malware Infections

Coronavirus (Covid-19) is disrupting the way we live and killing the economy. Many people have lost their jobs and out of work. Covid-19 does not stop cybercriminals from doing their work. Many more people working from home online and this is an opportunity that is being exploited – it’s actually a great time for cybercriminals.

Cybercriminals are using the current environment to trick users into infecting user systems by downloading malware or simply plain stealing their information.

Microsoft has reported that out of millions of emails it sees, 60,000 are Covid-19 related malicious emails (less than 2%). This is not to say that there has been an increase in malicious emails, but the fact that the email templates, scripts, subject lines are just changing.

For example, there are email campaigns that impersonate the World Health Organisation (WHO) and the Centers for Disease Control and Prevention (CDC) are just some examples.

Phishing is a technique for a way for cybercriminals to persuade you to get your personal information. Once your information is obtained, cybercriminals use your details to login to websites or install malware/backdoors into your system to steal more information.

Phishing emails are emails that are sent to steal information. Here are some examples

As an example, did that email from the DHL delivery company, HSBC, Netflix etc really come from them? 

What about that email from PayPal, Walmart, Amazon etc?

What about that email from the WHO or CDC?

 One of my saying as an auditor is “Trust, but verify”. As consumers, we all need to do this when checking emails. By all means this is not 100% foolproof, but here are just some top tips:

  • Most legitimate companies will not request for your password, credit card, national IDs etc.
  • Most legitimate know your name. Instead of “Dear customer…”, it’s more like “Dear Michael…” in the email.
  • Most legitimate companies have a legitimate domain name (like www.dhl.com) and not fake sites like (www.dhl.abcd.com).
  • Most legitimate companies know how to spell properly. Scammers may have bad spelling. This is likely to be on purpose to target those who are not as educated.
  • Most legitimate companies do not send unusual attachments in the email.

If you are in doubt, ask a colleague or friend before clicking that link or before downloading that file.

Hope that helps.

Stay Safe

#cyberattack, #cybersecurity, #dataprotection, #datasecurity, #datasecuritybreach, #gdpr, #gdprcompliance, #informationsecurity, #infosec, #pcidss, #personaldata, #security, #StayHomeSaveLives