COVID-19 email scams are on the rise and more clever than you’d expect. Don’t be fooled!
We all know that opening strange email can have dangerous consequences, right? Unfortunately, that message hasn’t connected with many people as it pertains to enticingly designed new COVID-19 email scams. Here are some of the most devious scams we’re seeing right now, and recommendations for how to keep these scams from giving cybercriminals an open door into your data and systems.
Training is essential to ensure that your staff isn’t endangering your compliance with data privacy laws or putting you in danger of a breach, and it’s ideal for combatting the increased phishing attack danger that comes from a remote workforce.
Attachments with “official information” about relief programs or health information from a government agency or the UN
The fastest way to defend against unexpected government email is to delete it without opening it. The US government will NEVER ask for any personally identifying information via email. The US government and WHO will NEVER send you unsolicited informational emails. Unless you’ve specifically requested or signed up to receive information on a subject, those messages are always a trap. Register for official relief and information efforts from the organization in question’s website directly. As an aside, the US government doesn’t charge “application” or “processing” fees either, so that’s another clue that it’s a scam.
Invitations to Zoom meetings, or “new meeting room” links
Do not open, follow or accept links to Zoom meetings that you aren’t expecting. If you get an email from Zoom that indicates that an expected meeting has changed to a new room, verify it with the organizer. Avoid discussing sensitive information or transmitting sensitive information via Zoom. Use waiting rooms to control meeting traffic and avoid “Zoombombing”. It’s better to over-secure your Zoom than under-secure it, no matter how inconvenient that security might be.
Links and PDFs from DocuSign or a similar service
Don’t interact with unsolicited links or PDF’s. We’re all doing more business remotely, and that includes transmitting and receiving documents containing sensitive information that need to be reviewed and signed. If you receive an email about a document waiting for your review or asking for sensitive information, vet it carefully. If you’re not expecting anything like that, but a DocuSign link requesting your action shows up in your mailbox, contact the sender for verification before you open it.
Up-to-date training mitigates these threats quickly
Committing to regular training and testing on new email threats is the best way to keep things like this from becoming a problem. BullPhish ID has consistently updated phishing training and testing kits, including COVID-19 training and testing materials, plus we update it with 4-6 new training kits every week to keep your staff in the loop about today’s biggest phishing and email scam threats.
Fast, effective, affordable training is essential
With over 80 phishing kits (which include the phishy email and related landing page with reply email), and 50 security video campaigns (these are short animated videos with a test and reply email), including 27 of the videos now available in 7 languages, BullPhish ID is the faster, smarter, and more affordable way for any organization to manage phishing defense training. Contact ID Agent today to start protecting your systems and data with this essential component of a strong digital risk protection platform.