By Karen Sprenger   /   Mar 31st, 2020

How to Spot Phishing Email Fraud

By now, you’ve likely received at least one piece of Coronavirus related spam in your email inbox – I’ve gotten messages claiming to sell everything from gloves and masks, to rapid-turnaround tests, to “cures.” Most people think the messages are irritating and insensitive, but beyond that they seem harmless. Don’t be fooled. Criminals view any crisis as a potential money-making scheme and have already been taking advantage of the pandemic to steal credentials through phishing, install malware and hold companies (including healthcare facilities) hostage through updated ransomware campaigns. Ensuring that you and your employees know how to spot phishing email campaigns is an important part of cybersecurity.

Coronavirus Phishing Emails Surge 667%

According to a recent article by TechRepublic, researchers at Barracuda Networks saw an increase of 667% in Coronavirus email attacks between March 1st and March 23rd of this year. Everyone is feeling the stress of these challenging times and looking for information. However, if employees don’t know how to spot phishing email warning signs and click one link, it can lead to a ransomware infection that can encrypt your organization’s files.

In some good news, a few known ransomware groups pledged not to attack healthcare facilities during the COVID-19 outbreak, including CLOP, DoppelPaymer, and Maze, with DoppelPaymer offering to decrypt for free “if we do it by mistake” – while acknowledging that there would be a delay while they do their “due diligence” to make sure that the victim is not lying about their identity. Time will tell if the promises are sincere – although Maze did decrypt data from a drug testing company. Unfortunately, others are continuing or in some cases, accelerating their attacks, including against hospitals actively responding to the outbreak.

All of us are working with our attention divided between the ongoing pandemic and our daily lives. Many are working from home, either on computers borrowed from the workplace or on personal computers, and a lot of parents are without childcare. At the same time the criminals are sending out their COVID-19 related email campaigns, you are simultaneously receiving dozens of emails from every company you’ve ever shared your email address with, detailing their plans for responding to the crisis. It’s a confusing time and easy to forget that every employee is part of the frontline of an organization’s cybersecurity. Now is a great time for a refresher on how to spot phishing email campaigns so you can protecting you and your company.

How to Spot Phishing Email Campaigns

Check the Source

Whenever you receive an unsolicited email, check carefully to see who it is from – not just the name, but the email address. Do they match? Do you know this person or company? Have you received email from this address before?

In the example above, the “From” is a generic “Pandemic Control” and even with parts of the email address blurred, it seemingly has nothing to do with pandemic control.

Remember that governmental sources of information – both at state and federal levels – should always come from the .gov domain – not .com.

The problem is not only external emails, but internal as well. Hackers may spoof an email address from an executive in your company and ask you to look at a file. Alternatively, you may receive an email from a vendor asking you to send payment to a new bank account as they shift operations during this challenging time. Be safe and always call or text to confirm legitimacy before clicking links, sending information or making account changes. To learn more, take BrightWise’s free microlearning quiz about link safety.

Beware of Emails that Focus on a Sense of Urgency/Fear

While many of the messages we are seeing are alarming, criminals will try to create a sense of urgency in any message they send. They want to create fear in order to entice you to click. This image from a recent message tries to play on fears of a positive test result to get you to click. If you don’t know the sender, don’t click. If it is legitimate information, you should be able to find trustworthy sources using a search engine.

What to Do if You Get a Phishing Email

Don’t Click That Link

Don’t click ANY links in an email that you are unable to verify as legitimate. If you want to know more about the topic, you can always do a quick online search. Those links are like gold to criminal enterprises. They may link to malware that will silently install on your computer; they may send you to a website that asks you to log in with your username and password. Even “unsubscribe” links in suspicious emails may be linked to malware, or at the very least be used to determine that there is a person actively using the email address which means it can be targeted or sold to other criminals.

Don’t Open That Attachment

Attachments can contain malicious code designed to execute ransomware or other malware on your computer and install it silently in the background without any interaction from you. You won’t even know it’s there.

Don’t Reply to the Email

Much like the malicious “unsubscribe” links, a reply to the attacker simply lets them know that there is a person there who is willing to interact through email. Again, that will lead to targeting and/or the sale of your email address.

Remember, it’s Not Just Email

Business Insider recently wrote about a fake COVID-19 Tracker app for Android, that was actually ransomware. Make sure that you are verifying the source of websites you visit and apps that you download. They may not be what they claim to be.

Don’t Ever Enter Your Credentials

If you do click a link in an email that you haven’t verified, and you are taken to a website that asks you to enter your username and password, stop. Don’t enter your credentials in a web form to authenticate yourself if you haven’t done your due diligence to verify the validity of the link.

If an email appears to come from someone you work with but you’re not sure it’s legitimate, it’s perfectly appropriate to call the person and ask if they sent it.

Report It

If you receive an email that raises your suspicions report it to your IT team in whatever manner has been set up at your organization. Even if you clicked or entered credentials and have misgivings about validity, report it. The quicker your team knows about a potential threat, the quicker they can respond to reset passwords and lock down accounts.

Given the current, almost surreal circumstances, it is more important that ever to be vigilant regarding spam and scams. Most attackers will take advantage of a crisis to ramp up their attacks, and these hackers will capitalize on the current climate. Make sure everyone on your team knows how to spot phishing email fraud and takes a moment to really look at that email (or text message!) and consider what the sender’s desired outcome really is. Always be suspicious and confirm before you act. Most of all, stay safe and be well in this challenging time!

For more information, read our blog on technical phishing controls and training users to avoid phishing.

About the Author

Karen Sprenger

Karen Sprenger is the COO and chief ransomware negotiator at LMG Security. She has more than 25 years of experience in cybersecurity and information technology, and she is a noted cybersecurity industry expert, speaker, and trainer. Karen is also the co-author of a new book, Ransomware and Cyber Extortion: Response and PreventionShe speaks at many events, including those held by Wall Street Journal Cyber Pro, Fortinet, the Internal Legal Tech Association, and the Volunteer Leadership Council. Karen is a GIAC Certified Forensics Examiner (GCFE) and Certified Information Systems Security Professional (CISSP) and holds her bachelor’s degree in music performance (yes, really). In her spare time, Karen considers “digital forensics” a perfectly acceptable answer to the question, “But what do you do for fun?” A lifelong Montanan, she lives in Missoula with oodles of poodles.