Phishing for information


Defend yourself in the face of increased cybercriminal activity

As if protecting against the coronavirus is not overwhelming enough, we all need to be extra vigilant about computer viruses, as well. Cybercriminals are taking advantage of the recent pandemic to disseminate malware, or malicious software. This malware can allow them to take remote control of your machine and hold your files hostage, monitor your key strokes to obtain sensitive information, or observe other online activities that can help them steal your identity. Businesses and organizations, especially hospitals, are facing an increase in such ransomware attacks, whereas individuals are being targeted with a greater number of phishing scams that exploit fears and the desire for information about the COVID-19 outbreak.

A typical phishing email may appear like it came from a legitimate organization like the Centers for Disease Control and Prevention (CDC). You may be prompted to click on a link that will provide up-to-date information on the number of confirmed cases in your area or to download a file that will provide safety measures that could protect you from the coronavirus. In either case, the recipient who clicks on the link or downloads the file unintentionally downloads malware.

Here are some tips for identifying phishing emails and avoiding malicious cyber attacks.

  • Look for clues. Phishing emails often start with generic greetings or contain grammatical mistakes.
  • Be suspicious. Always question emails that ask you to enter personal information or to act immediately.
  • Verify links. Hover over a link to see where it really leads.
  • Avoid attachments. Be wary of any attachments from unknown sources.

If you suspect foul play, delete the email. Instead of clicking on a link, go to the organization’s website and log into your account directly. Call and confirm with the organization in question to see if your account is really in jeopardy. Most importantly, never enter sensitive information into an online source without verifying that the site is legitimate.