The threat of coronavirus, or COVID-19, continues to scale. Unfortunately, for hackers coronavirus has meant just another opportunity to spread malware through phishing emails. How do they do it and how can you protect yourself? Let’s find out.
Table of Contents
Coronavirus Phishing Emails
Phishing is among the top 5 ways to get ransomware. To initiate a phishing attack, a scammer sends you an email with a malicious link/attachment. Clicking a link or downloading an attachment will get your system infected with malware. You can read more about it in our article about how ransomware works.
A cybercriminal may pretend to be a specialist from the World Health Organization informing you about coronavirus and asking you to click a link to get more information. Don’t do it, as the links are likely infected. Clicking an infected link or downloading an attachment will get your system infected with ransomware, a type of malware that hackers use to encrypt your data and demand money to give back access to it.
World Health Organization logo. Scammers put it into phishing emails to trick you.
Hackers use sophisticated social engineering methods to make you believe that they are sharing reliable information. Exploiting the concerns and fears caused by the worldwide disease, hackers offer additional information that will help you to protect yourself from coronavirus. Many people are ready to click, as there is seemingly no reason to refuse health-critical information.
However, cybercriminals are just trying to trick you into clicking an infected link and initiating a ransomware attack. After all, now there are many emails about coronavirus and it’s easy to disguise an attack as the legit one.
Using such tactics has become so widespread that the World Health Organization issued a warning about cybercriminals pretending to be WHO.
How to Detect Phishing Attacks?
Phishing is an age-old method, yet it is effective and people continue to get tricked with it. There are some general tips that will help you to detect phishing emails:
1. Ensure that emails are from a trusted source. Ideally, you have to know a person you get an email from. If not, make sure the sender has an email address that matches your organization or your partners. Often, hackers use similar domains to impersonate someone you probably trust, so simply checking the email address of the sender may prevent you from clicking it. Taking WHO as an example, the address should end with @who.int. Otherwise, the email is not from this organization.
2. Check the link. Essentially, you need to be sure that the link is trustworthy enough to click. The domain should be exactly the same as the sender’s organization.
3. Check the grammar and punctuation. Scammers often write phishing emails poorly, with misspellings and grammatical errors, so bad English is a potential red flag.
4. Carefully think before clicking. Hackers will try to create a sense of urgency to make you click without thinking. Read an email, take your time, and decide if it is legit. Better safe than sorry.
Unfortunately, even phishing-aware employees can be tricked. That’s why using additional ransomware protection tools will ensure your data is protected even if a human error takes place.
Additional Ransomware Protection
SpinSecurity for G Suite and Office 365 helps to protect from ransomware and recover the data from a backup in case of an emergency like a phishing attack. Even if your data was lost or encrypted, it can be restored from a backup, and our ransomware protection functionality prevents ransomware from spreading through the network.
SpinSecurity combines backup features with additional ransomware protection to ensure your data is secure. Features SpinSecurity offers:
- Automated daily backup
- 256-bit AES encryption for data both in-transit and at-rest
- 99.9% accurate data recovery with folder hierarchy preservation
- Multiple backup versions
- Customizable data retention
- Ransomware detection, remediation, and recovery
You can read more about our ransomware protection here. With SpinSecurity, your data is protected and can be easily recovered in case an attack happens. Though, we still recommend that you avoid clicking suspicious links.