2 Ways Hackers May Trick You Using COVID-19 Phishing Schemes

The outpouring responses from those affected by COVID-19 has been both inspiring and heartwarming. Many companies are rising above these trying times by donating a sizable profits to causes in need. Others limited on resources are doing all they can to empower their customers, such as offering free shipping, inspiring their followers on social media, and participating in empathetic marketing campaigns.

But for every glimmer of hope during this recession, there’s a bad actor looming in the shadows. With more employees switching to remote operations, cybercriminals are capitalizing on clever schemes to acquire data or money— specifically, crafting sneaky phishing messages.

Be on the lookout for the two major ways hackers are tricking people during the coronavirus pandemic:

 

1. Phishing Emails

Over the last few weeks, nearly every American’s inbox was flooded with COVID-19 response emails from their favorite product or service providers. These compassionate messages addressed how the companies were handling the outbreak, including what you could expect from them in the future and tips for overcoming these difficult times together.

But not all these outreach emails have good-intent. Bad actors are dropping malicious emails into your inbox containing hidden malware or attempting to seize credentials to your personal accounts. 

When opening a message with a COVID-19 subject line, be cautious of its contents. Hackers are manipulating people’s weaknesses right now, targeting those who have lost their jobs with money-related offerings. For instance, a malicious email may ask to send you a direct deposit in light of a new stimulus bill. They could mimic the look of a government site and ask you to enter your banking routing number to receive a direct deposit of your payout. Or, they could imitate a hospital, warning you that rooms are filling up fast and that it may be wise to pre-register in the event a loved one falls ill.

2. Voice Phishing (Vishing)

Not only are bad actors attacking your inbox, they’re also targeting your voicemail. Callers are leaving automated voice messages posing as trusted figures. You may receive a call from a spoofed number pretending to be your bank, telling you that due to difficult times, they are shutting down this branch and need to reroute your money. They’ll ask to confirm your account number and empty your savings.

Or, the cybercriminals may ask you to visit a link on your device to learn more about their company’s COVID response— which sends you a malicious URL. They could even send a malicious link to your cell phone in an unsuspecting SMS message.

Stay In-the-Know with Kevin Mitnick

No matter what, think before you click on any links inside of a coronavirus-related message. Be just as cautious about sharing information over the phone and hang up if suspicious. 

Share these COVID-19 scam tips with your friends, family, and coworkers— and be extra vigilant of bad threat actors in the weeks to come.

Stay in-the-know about all things cybersecurity by subscribing to Kevin Mitnick’s newsletter, where we’ll share deep insights from the world’s most famous hacker and his Global Ghost Team to enhance your digital security.

Topics: Remote work

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Hacking Technique Predictions for 2021: The Top Threats to Watch

Here at Mitnick Security, we pride ourselves on our passion for cybersecurity, keeping a close eye and ear on new threats and vulnerabilities— every. ..

Read more ›

User Deception: The Biggest Cyber Threat CISOs are Forgetting

As a CISO, you're always looking for the next big breakthrough to increase your organization's overall security posture.  Next-generation firewalls (N..

Read more ›

Defining the Framework for a Successful Pentest Attack

While there are different types of pentests, with every pen test consisting of four main phases— planning, pre-attack, attack, and post-attack— few re..

Read more ›
tech-texture-bg