How to protect yourself against email scams during the COVID-19 pandemic
Email security is always important, but as a result of COVID-19 it is especially important that you take steps to protect your private information and avoid scams.
According to an FBI alert, scammers are using the COVID-19 pandemic as a reason to switch or reschedule payments or to change other business or government funds in an attempt to pilfer money. Last month, the FBI also issued a general warningabout the rise in scam emails and malicious websites during the pandemic.
Cyber criminals are doing everything they can to capitalize on people’s uncertainty right now, so as we continue to learn how to navigate this evolving situation, these are some things that you should be on the lookout for.
1. Phishing emails
Cyber criminals are most active with phishing emails. These bogus emails are spoofed so that they look like they're coming from legitimate sources such as the World Health Organization (WHO), and the Center for Disease Control and Prevention (CDC). The emails often contain general health warnings and information about canceled conferences, flights and cruises. If you receive an email from an organization such as the WHO or CDC, don’t open attachments or click links that might try to educate you about the pandemic, its spread, or vaccines/medicines. Should you need the information, visit the official websites of credible agencies for the latest updates.
If you own a small business, the FBI says that fraudsters are sending messages using COVID-19 as an excuse to request a fraudulent switch or rescheduling of payments. They are also requesting changes to other business or government plans in order to pilfer funds. It’s important to be vigilant during this time because cyber criminals know that people and businesses are likely interested in payment information tied to the CARES stimulus package and payments.
In general, there are some things you can look out for and do to ensure an email is coming from a legitimate source.
- First ask yourself if you have an account with the company, is there a reason that they would need to contact you?
- Look at the email address itself, not just the sender name. Organizations send emails from their own email domain, for example: fultonbank.com and not a public email domain like Gmail or a domain with a series of letters and numbers.
- Look for misspellings, often times logos and other items look legitimate but the email itself is poorly written with spelling and grammar mistakes.
- The email asks for personal information such as account numbers, passwords, or instructs you to click a link or download an attachment to verify information.
- If you think an email is phishing, go to the company or organization website and contact them to verify if it is legitimate.
If you receive an email you suspect to be phishing, it is important that you don’t click on any links or attachments in the email. By doing so, you are potentially putting yourself at risk for cyber-criminals to access your personal information.
2. Malicious and fraudulent apps
Scammers are also creating fraudulent mobile device apps based on COVID-19 themes. Remember, you should only download apps from the official app store for your device and ensure it was developed by a reputable company or source.
3. Be extra cautious when sending emails
You may be communicating digitally with more companies than you’re typically used to. Remember that personally identifying information is not protected within regular email messages. If you must convey confidential information, the best way to do that is by calling the organization. If you do need to communicate via email, ask the company to originate a secure email on their end. This will require that you sign in to a portal to respond to the email message.;
If you do accidentally click a link or share personal information such as a password, make sure you reset the password immediately. If it was banking information that you shared, be sure to contact your bank immediately to notify them.