ITS Blog

Coronavirus Phishing Scams: Don’t Take the Bait!


Note: Both of these email examples are fake. Notice that the first one uses a fake email address (...@cdc-gov.org), and if you hovered over the “safety measures” button in the second example, you would see that the web link is NOT legitimate. The second and third hoax emails may use real logos and look realistic, but they are fake, as highlighted. THINK BEFORE YOU CLICK, no matter what, so you do not get scammed.


As fear about the Coronavirus (COVID-19) continues to spread, so do Coronavirus-related phishing scams and emails. The virus, having already infected thousands of people, has caused a panic among individuals all over the world. Unfortunately, cybercrooks love a crisis, because it gives them all the more reason to exploit your fear and contact you with a phishing scam. 


There are two main types of phishing scams circulating that you should be aware of: one targets industries such as manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetics in relation to global shipping; the other targets individuals, posing as the Center for Disease Control (CDC) and the World Health Organization (WHO) and asking them for personal information.


The latter phishing scams use fake domains that are designed to look like those of the CDC or WHO. The real domain for the CDC is “cdc.gov”; if you see any variation of this domain (such as cdc-gov.org), it is a phishing scam.


These emails are designed to get you to panic, which is a trick all hackers use to get you to respond right away. Remember to do your research before providing any personal information. Check the URL by hovering over any links contained in unexpected emails; for example, if the link begins with HTTP and not HTTPS, it is not secure, and is most likely a phishing scam. A link that begins with HTTPS is not proof of legitimacy on its own, so also check that the domain in the link is the real one.
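The domain and link checks described in the two paragraphs above can be automated. The following is an added example, not part of the original post: it accepts only the real domain named here (cdc.gov) or its subdomains, and flags lookalikes. The function names and sample inputs are constructed, and example.org and example.net are placeholder domains.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Official domain named in the article; extend the set for other senders.
OFFICIAL_DOMAINS = {"cdc.gov"}

def host_of(value):
    """Return the lower-cased host of a URL or of an email address."""
    if "://" in value:
        # hostname drops any "user@" prefix and the port, so
        # "https://cdc.gov@example.net/" yields "example.net".
        return (urlsplit(value).hostname or "").rstrip(".").lower()
    address = parseaddr(value)[1]  # strips the display name
    return address.rpartition("@")[2].rstrip(".").lower()

def is_official(host):
    """True only for an official domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def check(value):
    """Classify one link or sender address; returns (host, verdict)."""
    host = host_of(value)
    if not host:
        return host, "unparseable"
    if not is_official(host):
        return host, "not an official domain"
    if "://" in value and urlsplit(value).scheme != "https":
        return host, "official domain, but not HTTPS"
    return host, "ok"

# Constructed sample inputs (not taken from real messages).
SAMPLES = [
    "CDC Alerts <alerts@cdc-gov.org>",              # hyphenated lookalike
    "https://www.cdc.gov/coronavirus/",             # real subdomain
    "https://cdc.gov.example.org/safety-measures",  # real name used as a prefix
    "https://cdc.gov@example.net/login",            # real name in the user part
    "http://www.cdc.gov/",                          # right domain, no HTTPS
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample), sample)
```

The third and fourth samples use HTTPS and still fail, because the host that the browser would actually contact is not cdc.gov.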


Some phishing scams also include links that lead to pages that replicate the webpage for the WHO. Pop-ups asking for your email and password will appear on this webpage. Someone who believes that they, or their family, may be in danger because of the virus may fill this out without a second thought. However, you should always think twice, and consider whether the information being asked of you is really reasonable. If you realize that you may have entered your information on a fake website, change your passwords as soon as possible. Remember not to use the same password for every site, and to keep your passwords private.


In addition, other emails posing as the CDC have been asking for donations via Bitcoin to help fund its “incident management system.” Remember, the CDC is a government agency funded by U.S. taxpayers; it does not solicit individual donations, much less donations via Bitcoin. These are phishing scams designed to steal your financial information.


Luckily, like many other phishing scams, these emails have many spelling or grammatical errors, making them easy to spot. These emails are designed to exploit vulnerabilities in your computer software and release malware onto your device. It’s very important to be conscious and careful each time you receive an unexpected email; if there are any attachments such as Word documents, PDFs, MP4s, or links, THINK BEFORE YOU CLICK.


For additional information on the actual virus, you can visit the University’s website: https://www.binghamton.edu/health/coronavirus/ The University will continue to share information via this website and "Dateline" on a regular basis.


Stay up to date on the latest phishing scams by regularly reviewing the ITS Phishing page and Phish Tank: https://binghamton.edu/its/phishing


Received a phishy email? Report it to security@binghamton.edu