The following is a Phishing Alert from EIIA – Educational & Institutional Insurance Administrators concerning recent sharp increases in phishing attacks occurring over the past week related to Coronavirus and COVID-19.
All emails from the outside with the words COVID-19 or Coronavirus will be flagged with a header:
I am sending this email to alert everyone about the recent sharp increase in phishing attacks occurring over the past week. Hackers and cybercriminals are using public apprehension over the coronavirus outbreak to advance their agendas. IBM recently warned consumers that ransomware has entered the mix of coronavirus-themed payloads hackers are unleashing. Emails purporting to contain information about the spread of the coronavirus will secretly download the Emotet malware that allows hackers to steal information and deliver malware.
The types of emails you may receive to get your attention to click a malicious link or open an attachment include:
- Fake school or CDC emails could make you think you or your child has been exposed to COVID-19. They could say your family may face quarantine.
- False claims that there’s a vaccine for sale or some form of remedy available.
- Misleading ads about masks that may not be effective or other helpful hints to combat the virus.
- Emails with “latest” updates to keep you informed as criminals are aware that everyone wants to know everything first.
What can you do?
- Be careful opening any web links or attachments, even if you know the sender, it may be a compromised sender.
- Look for “Red Flags” in emails you receive. Red Flags include abnormalities in the sender, topic, links, content, etc. To help everyone on this topic, please refer to the following link on our website for a helpful one page document: https://members.eiia.org/wp-content/uploads/assets/SocialEngineeringRedFlags.pdf
- Contact your IT department whenever you have any doubts or concerns.
Please let me know if you have any questions. I hope this information is helpful and everyone be careful out there.
Gerry Hamill, MBA, CISSP
IT Risk Management