The world is on alert over the spread of Coronavirus. People are stressed, making plans to protect themselves by stocking up on masks and food, rearranging travel plans, and practicing social distancing. Many are checking news websites for updated information about the status of the virus and are expecting to be kept up to date by local authorities or even their workplace, creating a convenient scenario for scammers.

Hackers are taking widespread interest in Coronavirus Disease 2019 (COVID-19) as an opportunity to steal information and spread malware. They are playing on people’s fears, knowing some people will be more likely to click a link in an email that contains information about the virus and appears to be from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). Official-looking emails are turning up with attention-grabbing headlines such as “Coronavirus outbreak in your city (Emergency).” These subjects are meant to get you to click without walking through any phishing recognition steps. Let’s review these steps, shall we?

Step 1. Who Sent It?

The sender name may say “Centers for Disease Control,” but remember that you must go beyond the sender name and check the actual email address to determine who sent the email. Hackers will be deceitful, using addresses similar to real CDC domains such as news@cdcgov.org or alert@cdc-gov-org.com.

The email may even contain official logos from the CDC or other Federal agencies, but these logos are easily copied from their website. A logo is not an indication of legitimacy.

Step 2. Was It Expected?

If you find yourself on high alert about Coronavirus, you may feel that an emergency email is expected. It’s not. Federal agencies will not communicate with you via email.

Step 3. What Action is Requested?

Does the email ask you to click a link or button? Any time an email directs you to a website, think twice. Hover over the link (without clicking) to see the true destination. Sometimes just clicking a malicious link is enough to infect your computer with malware.

If you do click on a suspicious link and arrive on any type of login page, consider this a major red flag. Chances are high that it’s a scam page looking to steal your username and password.

Step 4. Verify with the Source

If you are looking for information about Coronavirus, you can head to this CDC page for official updates. Never use contact information in a suspicious email; it will probably connect you with the scammer.

Here at Cyber Safe Workforce, we hope that you and your loved ones stay healthy–both in person and online.