Top COVID-19 Phishing Scams

New and important information surrounding COVID-19 is released on a weekly, if not daily basis. The economy is struggling, unemployment is on the rise, stay-and-shelter orders are either in place or being lifted, tax deadlines are shifting, stimulus checks are being mailed…the list goes on and on. While we all need to pay particular attention to those matters affecting us personally and professionally, the overabundance of information is causing confusion.  Unfortunately, it has created a plethora of opportunity for phishing crimes and include everything from malware and ransomware, to CEO fraud and spear phishing, and more.

Threats are on the rise.

According to the Federal Bureau of Investigation, “The Internet Crime Complaint Center (IC3) has seen an increase in reports of online extortion scams during the current "stay-at-home" orders due to the COVID-19 crisis. Because large swaths of the population are staying at home and likely using the computer more than usual, scammers may use this opportunity to find new victims and pressure them into sending money.”¹

Know what to look for. 

At INKY, we are working tirelessly to help ensure our customers and their employees aren’t duped by these cybercriminals, who seem to be in overdrive during the pandemic. Important issues are becoming the center of phishing scams in an effort to take advantage of confused or distracted recipients. INKY has stopped a number of these phishing attacks and the patterns are clear. Here is a list of phishing opportunities everyone with an email account should we aware of during the COVID-19 pandemic.

• Public Health encouraging you to share your SSN, tax IDs or click on a link to download a document
• Expecting a stimulus check? Fraudulent government check phishing scams are abundant.
• Expedited payments due to the urgency surrounding the Coronavirus
• Technology staff supporting remote workers might be asking for your passwords or directing you to download software
• New teleconferencing platform link
• From telehealth to deferred premiums, Health Care providers are making a number of changes to support employees during the pandemic. At the same time, email phishing scams are surfacing that appear to be from insurance carriers.
• The U.S. Department of Labor recently released the Families First Coronavirus Response Act (FFCRA) with provisions for paid sick leave and expanded family and medical leave during the pandemic. It’s an easy topic to target employers and employees alike with false claims and malicious links.
• Is your company in need of certain supplies that are hard to get during the pandemic? Beware of supply scams complete with authentic looking retail websites, ready to grab your credit card number.

According to the FBI, many of these online extortion attempts (which come in the form of phishing emails) have commonalities, such as:¹

• The online extortion attempt comes as a phishing email from an unknown party and, many times, will be written in broken English with grammatical errors.
• The recipient's personal information – such as a user name or password - is noted in the phishing e-mail to add a higher degree of intimidation to the scam.
• The recipient is accused of visiting adult websites, cheating on a spouse, or being involved in other compromising situations.
• The phishing e-mail includes a statement like, "I had a serious spyware and adware infect your computer," or "I have a recorded video of you" as an explanation of how the information was allegedly gathered.
• The phishing email threatens to send a video or other compromising information to family, friends, coworkers, or social network contacts if a ransom is not paid.
• The phishing email provides a short window to pay, typically 48 hours.
• The recipient is instructed to pay the ransom in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions.

Being on the lookout for email phishing scams can be exhausting. You always have to be on your guard, questioning everything. With just one slip, you or an employee could lose thousands of dollars of personal or company money.  It’s just too big of a potential problem to leave to human error. Thankfully, you can protect yourself and your company from being a victim of email phishing.

INKY is the industry’s best solution for the security of your email, especially in time when more and more employees are working from home. INKY is uniquely effective at catching phishing attacks so you don’t have to. Using computer vision, artificial intelligence (AI), and machine learning, INKY searches for signs of fraud other phishing attack software misses and can detect imposters down to the pixel level. It works on any device and places highly visible warning banners directly in the email.

Consider your company’s current cybersecurity status, and then consider INKY.

----------------------

INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.

¹Source: https://www.ic3.gov/media/2020/200420.aspx