How to watch out for phishing emails

As the COVID-19 pandemic gathers momentum as a global health crisis, cybercriminals are taking advantage of the situation. Targeted attempts to infect corporations and organizations with computer viruses and malware, as well as online scams aimed at individuals, are on the rise.

Cybercriminals exploit the vulnerability and uncertainty of the situation by distributing fake corona-themed phishing emails designed to trick you into giving away sensitive information. There are also examples of malware designed to disguise itself as a “Coronavirus map” application.

As one of the main distributors of information regarding the ongoing pandemic, the World Health Organization (WHO) is frequently impersonated by scammers. WHO recently posted a warning on its website urging individuals and organizations to be alert to scamming attempts by fraudsters: "Beware of criminals pretending to be WHO".

Governmental entities, health institutions and other relevant public agencies that have a high profile because of the pandemic are now also frequently impersonated by cybercriminals.

What are phishing emails and what should you look for? 

Check the domain, check the links and be careful about giving out personal information

Be aware of phishing emails

Fake emails are a common method used by cybercriminals. They pretend to originate from a credible party, with the intention of enticing you to reveal information that may be used in an attack directed at you or your company.

Such information could, for example, be:

  • Critical business information
  • Passwords and codes
  • Other kinds of personal information

Easy to fake the sender identity of an email

Another typical method is to use a similar-looking domain to pretend the email is sent by a party you trust. Hackers may acquire similar-looking domains to mask their phishing attempts, and the emails can be highly sophisticated and professional, giving you the impression that they are genuine.

By applying this method, attackers can configure the domain to pass undetected through common protection measures implemented by IT departments to filter out malicious and harmful emails.

To ensure that you do not fall victim to such attacks, you should carefully check the sender address in the email and verify that it's coming from a valid domain.

Unusual requests, suspicious links and misspellings are some of the things to look out for

What to look for?

Please take some time to check the actual sender address in the email.

Other things in the email you should also be aware of:

  • Strange or unusual requests, e.g. asking for your username and/or password
  • Attempts to create fear
  • Suspicious links or attachments
  • Spelling mistakes or poor/inaccurate language

Hyperlinks are easy to fake

If the email contains hyperlinks, you should make sure each link directs you to the destination it claims. To do so, hover the mouse pointer over the text or image that is hyperlinked to see the destination URL it links to.
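The two manual checks described above (the sender's real address domain, and whether a link's visible text matches its destination) can also be automated. The following is an added example, not part of the original article; the trusted-domain list, function names and sample message are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"who.int"}  # assumption: domains you expect mail from

def sender_is_trusted(from_header, trusted=TRUSTED_DOMAINS):
    """Check the real address domain, ignoring the display name."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def host_of(text):
    """Hostname if the text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", text, re.I):
        return None
    return urlparse(text if "://" in text else "http://" + text).hostname

class LinkAuditor(HTMLParser):
    """Collect links whose visible text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, actual = host_of("".join(self.text)), urlparse(self.href).hostname
            if shown and actual and shown != actual:
                self.mismatches.append((shown, actual))
            self.href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches

# Constructed sample (not a real message); .example is a reserved test domain.
SAMPLE_FROM = '"World Health Organization" <info@who-int.example>'
SAMPLE_HTML = '<a href="http://login.who-int.example/covid">https://www.who.int/covid</a>'
print(sender_is_trusted(SAMPLE_FROM), mismatched_links(SAMPLE_HTML))
```

A mismatch is a reason to look closer rather than proof of phishing, since legitimate newsletters often route links through tracking redirects.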

Be vigilant!

Check the domain, check the links and be careful about giving out personal information.