Watch out for increased cybercrime during the COVID-19 pandemic.
What are phishing emails?
Phishing emails are often used to steal people’s data, including login credentials and credit card information. Attackers usually pretend to be a trusted source and will try and get you to click on malicious links.
What are common phishing emails to look out for?
Cybercriminals are using fear of the pandemic to trick people into opening phishing emails that may compromise your computer. These emails may install malicious software or attempt to capture any sensitive data on your computer. The following are just a few examples of phishing emails you may encounter:
- “Click to donate for a COVID-19 cure”
- COVID-19 tax refund deposit
- Communications from CDC, WHO and other health agencies
- Government and EI support payments
How do I protect myself against malicious emails?
The following tips can help you identify if an email is malicious and not from a trusted source:
- Ensure the address or attachment is relevant to the content of the email
- Check to see if the email address has a valid user and domain name
- Make sure you know the sender of an email
- Look out for misspellings and poor grammar
- Be extra cautious if the email tone is urgent
- If you were not expecting an attachment, verify with the sender
- Determine if a link in an email is legitimate by hovering over it before you click to ensure the URL corresponds with the content of the email
What scams should I be aware of outside of malicious emails?
Along with malicious emails, cybercriminals may use other methods to get sensitive information from you such as vishing and smishing. Vishing is a phishing scam via voice or voicemail, while smishing is using text/SMS messages to phish people. Some common examples during this crisis include:
- “You tested positive for coronavirus”
- “We have locked your debit card for safety”
- “People infected in your neighborhood”
- “Air filters to protect you from COVID-19”
How do I protect myself against vishing and smishing messages?
Never reveal personal information over the phone. Banks will always ask pre-determined authentication questions prior to asking you for personal information, and they will never request this information via text.
How do I protect myself against malicious websites?
Since the rise of COVID-19, people have flocked to the Internet to find the latest news. Unfortunately, many websites have been created by scammers to spread misinformation. To protect yourself, ensure URLs are spelled correctly. You should also directly type the URL into a search bar instead of clicking on a provided link, as well as hover over a link to check if it will take you to the expected website.
Some common examples of malicious websites include:
- COVID-19 map by Johns Hopkins University
- Online fast tests and cures
- Canadian Red Cross offering face masks and gloves for a donation