Be Alert to Coronavirus Threats Online

COVID-19 has become a global problem as cases spread at a rapid rate. While physical health is a major concern, you should be aware that malicious attackers are taking advantage of the situation as well. Attackers not only send phishing emails and text messages and make phone calls pretending to be the WHO or CDC, they also use emotional messaging and fear to lure victims. Individuals become victims by performing the actions described in the messages, such as opening attachments, clicking links, and providing sensitive information.

In a recent report, Proofpoint researchers wrote: "In this latest series of campaigns, attackers have extended the malware used in their coronavirus attacks to include not only Emotet and the AZORult information stealer, but also agent Tesla Keylogger and NanoCore RAT, all of which can steal personal information, including financial information."

It is a hostile attempt to exploit public fear of the coronavirus and push people to share personal, financial, and business information.

What can you do to protect yourself? According to the World Health Organization, they can never:

Here is a list of WHO guidelines for preventing phishing:
  1. Verify the sender by checking their email address
Make sure the sender has an email address ending in "@who.int". If there is anything other than "who.int" after the "@" symbol, that sender is not from WHO. WHO does not send email from addresses ending in "@who.com", "@who.org" or "@who-safety.org", for example.
  2. Check the link before clicking
Make sure the link starts with "https://www.who.int". Better yet, go directly to the WHO website by typing "https://www.who.int" in your browser.
  3. Be careful when providing personal information
Always consider why someone wants your information and whether it is appropriate. There is no reason for someone to need your username and password to access public information.
  4. Don't rush or feel pressured
Cybercriminals use emergencies like COVID-19 to get people to make decisions quickly. Always take the time to think about a request for your personal information and whether the request is appropriate.
  5. If you've provided confidential information, don't panic
If you believe that you have provided data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
  6. If you see a scam, report it
If you see a scam, tell us about it.
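
The first two guidelines can be automated, for instance in a mail filter. The sketch below is an added example, not code from WHO or OneLogin; it shows why a literal "starts with" test on a link is weaker than parsing the URL and comparing the host. Function names and sample messages are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_MAIL_DOMAIN = "who.int"     # from the guideline on sender addresses
TRUSTED_WEB_HOST = "www.who.int"    # from the guideline on links


def naive_link_check(url: str) -> bool:
    """Literal reading of 'starts with https://www.who.int' (too weak)."""
    return url.startswith("https://www.who.int")


def sender_is_who(from_header: str) -> bool:
    """Compare the domain of the real address, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return bool(local and at) and domain.lower().rstrip(".") == TRUSTED_MAIL_DOMAIN


def link_is_who(url: str) -> bool:
    """Require https, no userinfo, and an exact host match after parsing."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:              # malformed authority, e.g. bad IPv6 literal
        return False
    if parts.scheme != "https" or "@" in parts.netloc:
        return False
    return (parts.hostname or "").lower().rstrip(".") == TRUSTED_WEB_HOST


# Constructed samples; example.com and 203.0.113.5 are reserved for documentation.
SAMPLE_SENDERS = [
    "WHO Updates <updates@who.int>",
    '"updates@who.int" <updates@who-safety.org>',  # trusted name, other domain
    "updates@who.int.example.com",                 # who.int is only a prefix
]
SAMPLE_LINKS = [
    "https://www.who.int/emergencies",
    "https://www.who.int.example.com/login",       # passes the naive check
    "https://www.who.int@203.0.113.5/update",      # host is really the IP
    "http://www.who.int/",                         # not https
]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(f"sender ok={sender_is_who(s)!s:5}  {s}")
    for u in SAMPLE_LINKS:
        print(f"naive={naive_link_check(u)!s:5} parsed={link_is_who(u)!s:5}  {u}")
```

A passing sender check only means the visible address matches; the From header itself can be forged, so treat a pass as necessary rather than sufficient.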

You can also go directly to the source for information on the coronavirus:

Smishing (phishing attacks via SMS) and vishing (via phone or VoIP) are other flavors of social engineering in which attackers seek to elicit emotional responses, pushing people to click without thinking. When you receive unexpected emails, text messages, and/or phone calls, use STOP:

  1. Stop

  2. Take a deep breath

  3. Opportunity to think

  4. Put the message in perspective and report the phishing, smishing, or vishing attempt. Inform your IT team.

Remind users to never open attachments from senders they don't know. Inform users of all the forms these phishing, smishing, or vishing attempts can take.

Niamh Vianney Muldoon is Senior Director of Trust and Security EMEA at OneLogin.