Curious about what’s new in the phishing world? Eager to know what bait cyber criminals are using so you don’t get caught like a fish on a hook? Check out our list of five phishing themes, which act as the best ground bait for Internet users.
2020 Top Phishing Scams
We’ve talked about phishing before and if you need a refresher, check out this link.
Today, we’re looking into 5 types of themed phishing scams. We want to tell you which scams are most notorious in 2020 so that you can be ready if you are ever on the receiving end. Here’s some real-life examples and how to avoid them.
- COVID-19 or the novel coronavirus
- Example: COVID-19 cases surpassed 300,00 globally
- Unsurprisingly, coronavirus (or COVID-19) is the undisputed winner here. The whole world is worried about the current pandemic, offering cybercriminals an ideal opportunity to exploit our fear and attack us when we are most vulnerable. In a single week in April, Google blocked more than 18 million COVID-19 phishing emails daily. That gives you an idea of the scale of the problem. :/
- Themed Phishing photos
- Donations for fake charities and healthcare organizations
- Example: We need your support! Donate now!
- Donations is a classic example of a popular phishing theme, which gained an extra twist with the COVID-19 pandemic. Cybercriminals are pretending they are charities or companies working to develop vaccines or drugs for the novel coronavirus. They hook you in by explaining how you can do your part by donating in order to fund their studies or charitable work.
- Tests and cure for coronavirus
- Example: New COVID-19 prevention and treatment information! Attachment contains instructions from the U.S. Department of Health on how to get the vaccine for FREE
- In this type of phishing scam you receive an email saying that the test for coronavirus is available for you for free or that there is a new drug that will eliminate coronavirus completely. To get it, you just need to click the link below and provide your personal details…
- Economic relief
- Example: IMPORTANT: Details on the government scheme to help businesses affected by the COVID-19 pandemic
- For some, the current lockdown means severe financial problems. Governments in many countries promised to help businesses and entrepreneurs which were negatively affected. To make the most out of this situation, fraudsters and cyber criminals produce emails about available financial support schemes. They look like they are coming from a government agency or a bank and very often contain notorious malware!
- Spoofed IRS Payment Credential Phishing Page via cmattayers[.]com
- Remote work
- Example: Message Detail Internal Communication Alert: Coronavirus (COVID-19) Update
- Working from home is today’s reality. Many companies switched to remote work at the end of March and are still operating this way. Communication between the employees is done by emails, which opens doors to a huge wave of cyber-attacks. Cybercriminals can pose as your employers, sending you updates on the company’s policies. Or they can pretend to be your IT department, emailing you a link to download a new software which allegedly increases the company’s teleworking capabilities.
How Not to Get Caught?
Phishing emails are becoming much more sophisticated and creative. At the moment, they are the most common tool used by cybercriminals. To help you stay safe online we prepared a list of things you should remember when checking your emails.
- Stay alert and ask yourself questions! If an email contains info that looks unreal or too good to be true, you should not open it. If anything looks suspicious, it’s because it definitely is!
- Verify before you click a link or submit any personal information. If it’s an email from your bank or an organisation you know, call them and ask if they really sent it to you.
- Never download anything you received in an email unless you are 100% sure it’s from a trusted source.
- If you’re interested in the information the email claims to have, google it. Visit verified websites and check there.
- If in doubt, don’t open it! Ask your IT department or simply delete the message.
- Invest in training. Your attention and knowledge are your best defense against phishing attacks. Good training will make you more aware of tactics used by cybercriminals and will help you stay safe.