Man-made Phish Bait on COVID-19

Data Security: Story

 Search Stories
Hot Words
Key Words
In Field


 By Huan Miles
Man-made Phish Bait on COVID-19
Keep secret data safe experienceCOVID-19 is from the nature, be or not to be, is a question. But there are some computer viruses or malware made from COVID-19. E.g., cybercriminals have used COVID-19 as phish bait since the start of the pandemic, and they’re not stopping any time soon. But there are some computer viruses or malware made from COVID-19.

In a recent COVID-19 related attack, scammers spoof your organization’s HR department and send a link to a “mandatory” vaccination status form. The phishing email claims that your local government requires all employees to complete the form. Failing to complete the form "could carry significant fines."

If you click the link in the email, you are directed to a fake login page for the Microsoft Outlook Web App. If you try to log in, you are asked to “verify” your name, birth date, and mailing address by typing this information into the fields provided. Once submitted, your information is sent directly to the cybercriminals, and you are redirected to a REAL vaccination form from your local government. The good news is that this form isn't actually mandatory. The bad news is that giving cybercriminals your personal information may lead to consequences much worse than a fine.

Remember these tips to avoid similar phishing attacks:
  • Keep cautious for every input and page; one page or panel is real doesn't mean the other areas or linked pages are safe.
  • Watch out for a sense of urgency, especially when there is a threat of a fine or a penalty. These scams rely on impulsive actions, so always think before you click.
  • Never click on a link or download an attachment in an email that you were not expecting.
  • If you receive an unexpected email from someone within your organization, stay cautious. Contact the person by phone or on a messaging app to confirm that they actually sent the email.

More tools and apps to anti-phish and email safety.