Becky Griffin, Cobweb Digital Marketing Executive, writes …
It’s more than likely that your business is keeping its employees updated with news and advice about coronavirus (COVID-19).
With the government issuing new advice on a daily basis about how businesses can mitigate the challenges of the disease, it comes as no surprise that cybercriminal gangs are discovering ways to capitalise on the pandemic
And therefore, we’re warning businesses about a new series of phishing emails which use information related to COVID-19 as a way to target employees.
In one case, Sky News has reported that some healthcare workers have received an email supposedly from their IT team, with the subject line "ALL STAFF: CORONA VIRUS AWARENESS".
The email encourages workers to sign up for a seminar, in which they will supposedly find out what their organisation is doing in response to the outbreak.
On clicking the link, employees are sent to a login page, where information including their email address, domain and username, and password are asked for.
Other examples of COVID-19 email phishing scams can be found in this BBC news report.
Cobweb’s top tips for protecting against email scams
Some of the ways you can determine potential phishing emails include:
Looking out for poorly written emails or grammatical errors
The body of the email reported on by Sky News, begins (and we’ve highlighted the errors), “There is an ongoing outbreak of a deadly virus called coronarivus (covid-19). The virus is spreading like wide fire and the world health organization are doing everything possible to contain the current situation. The virus which originated from china has hit Europe, America, Asia and Africa. The government has hearby instructed all organization and institution to educate and enlightened their employee/staff about the virus in order to increase the awareness of the coronavirus (COVID-19).”
The email’s second paragraph goes on to, “the survey and seminar is compulsory in the battle to win the fight against this epidemic as all employees are mandated to participate in the survey immediately you receive this notice.”
Looking out for emails using a threatening tone
In many cases, cybercriminals try to scare people into taking action, which is why their emails often have a threatening tone. In the Sky News’ example, the email states, “Disciplinary measure would be taken on staff that failed to carry out this instruction.”
Clare Satchwell, Head of Product at Cobweb, says, “While in certain cases you’ll be able to determine a rogue email, unfortunately, sometimes phishing emails are more sophisticated, and are more difficult to spot - which is why we always recommend investing in an email security tool, to ensure that your business lowers the threat of an attack.
“Our free guide, Email security: from phishing to fraud - don't be left on the hook for a cyberattack explores the different email threats that businesses are susceptible to, and the solutions you can put in place to prevent attacks.
“And you can also get in touch with the Cobweb team, who are always on hand to answer any email security related questions you may have.”