Security researchers have identified multiple phishing scams that aim to capitalize on people’s fear of COVID-19, the disease caused by the Wuhan coronavirus.
Scammers pose as authorities like the Centers for Disease Control or World Health Organization in order to trick people into handing over their personal information.
The WHO has released an advisory warning people to avoid fraudulent emails about coronavirus.
Visit Business Insider’s homepage for more stories.
As the death toll from the coronavirus outbreak continues to rise, online scammers are using email phishing schemes in an attempt to profit on people’s confusion and fear surrounding the virus.
Security researchers have identified multiple phishing scams in which attackers pose as authorities like the Centers for Disease Control and Prevention or the World Health Organization in emails, offering information about the virus in order to trick victims into downloading malicious software or handing over their login credentials.
While the coronavirus outbreak constitutes a world health crisis, experts have warned against unnecessary panic, arguing that misinformation is causing an overblown response to the disease.
A scam identified by security firm Trustwave Holdings spreads false claims that the virus has spread to victims’ home cities, then prompts users to enter their email passwords in order to read more information. Another scam teases similar information, then uses malicious links to direct victims to a fake Microsoft Outlook portal that harvests credentials.
The World Health Organization released an advisory last week urging people to stay on the lookout for phishing scams related to coronavirus. A CDC spokesperson did not immediately respond to Business Insider’s request for comment.
Here’s how the scams work, and the steps the WHO recommends to avoid falling for them.
Check the sender’s email domain and see if it matches the website of the organization they say they work for. Then, check the URLs included in the email.
In this scam documented by Trustwave, the scammer purports to be from the CDC, but uses an email from a domain other than cdc.gov and includes misleading links that lead to a different site when clicked.
Don’t trust login pages with unfamiliar URLs.
The malicious link in this scam directs users to a fake Microsoft Outlook login screen to steal their credentials — the unfamiliar URL is a tell.
When in doubt, copy and paste URLs into your browser rather than clicking hyperlinks directly.
In this case, when the misleading URL is copied and pasted from the email instead of clicked, it shows that the page doesn’t actually exist.
3 red flags Uber whistleblower Susan Fowler said she noticed early on4 big reasons to buy the $1,000 Galaxy S20 instead of the $750 Galaxy S105 reasons to buy the older Galaxy S10 instead of Samsung’s brand-new Galaxy S20
To discover more visit: feedproxy.google.com