SSL.com

Alert: Coronavirus (COVID-19) Phishing

Phishing is a malignant curse and the evil chuds behind phishing campaigns are always seeking a new angle of attack. As worry about COVID-19’s spread increases, and as more people start working and studying from home, we can unfortunately expect related scams to become widespread in the coming weeks and months. As such, it’s now more important than ever to practice safe and defensive online habits.

 

Lately, our spam folders here at SSL.com are catching phishing emails aimed at exploiting the public’s fear of the ongoing coronavirus / COVID-19 pandemic. A number of tech news websites and security software providers are also reporting widespread phishing and malware from cybercriminals posing as legitimate organizations. Among many others, Dan Goodin at Ars Technica has reported on scammers posing as University personnel and the World Health Organization, and Kaspersky Lab provides details of two phishing campaigns impersonating the US Centers for Disease Control and Prevention.

Emails of this type are intended to dupe recipients into revealing sensitive personal information (such as passwords and credit card numbers), and/or installing malware on their device. For example, a message may appear to come from an employer or school official, but contain a link to a bogus web page with a form that harvests login credentials.

Spotting Phishing Emails

The same basic techniques you can use to spot any other phishing scam apply here too:

If your email client supports S/MIME (and most do), it’s easy to check for and inspect a digital signature. Here’s how to do it in Gmail (for other clients, please check your vendor’s documentation):

1. Click the triangle to the right of the sender’s name to Show details.

2. The green check mark and Verified email address message mean that the message has been signed by a trusted digital signature. For more information, click the Sender info link. If the certificate is not trusted by Gmail, you will see the message The certificate is not trusted. For unsigned email, no certificate information will be displayed.

3. Now we can check the signer’s email address, the issuing CA, and the certificate’s validity period.

Coronavirus / COVID-19 Information Sources

Everyone at SSL.com hopes that all of our visitors are able find the information they need to stay safe and healthy during this global crisis.

Both the Centers for Disease Control and Prevention and World Health Organization offer up-to-date information resources on prevention, testing, and treatment of COVID-19. In addition, most national, state, and local health departments can be easily identified via a quick Google search — for example, Texas Health and Human Services.

Thank you for visiting SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.


Exit mobile version