As the coronavirus outbreak accelerates worldwide, threat actors are taking egregious advantage of popular fears about the disease to spread malware that provides them access to sensitive personal and corporate data. During this extreme convergence of a global crisis and the ugly side of cyber, keep in mind the following ways to avoid cyber attacks.
1. Check a URL before you click on it:
Oftentimes you will be asked to click on a link provided to take you to a website that may be of interest to you. A quick way to ensure it is not taking you to a site that you were not expecting is to "hover" over the link to see which site is listed.
2. Beware of third-party sites offering news or updates:
Many attackers will take advantage of people who are trying to stay current with the latest information on COVID-19. By sending you links to information, updates, or maps that are infected with information stealing malware. Attackers will use fear and panic for personal gain as people are more likely to let their guard down to stay informed on the latest news. Here is a recent example.
3. Neither the World Health Organization (WHO) nor the Center for Disease Control (CDC) will call or email you directly unless you have signed up for such alerts:
Similar to scams around tax season where scammers will call or send you emails claiming to be the Internal Revenue Service (IRS) requesting information or demanding payment, neither WHO nor CDC will contact you directly requesting information or payment. For the latest information from these organizations, go directly to their websites instead of clicking the links in emails that could redirect you to a potentially harmful site.
4. If asked to work from home or remote, stay vigilant against would-be attackers:
Communicate only with known numbers and emails when providing updates and information on your personal safety. If your company has a VPN, stay logged in to it to ensure secure work communications. Don't send work-related items to your personal email.