The FBI and other government agencies are reporting a significant increase in COVID-19-specific cyberfraud schemes. According to reports, hackers have impersonated the World Health Organization, the Centers for Disease Control and Prevention, NATO, and even UNICEF and other charitable organizations. These bad actors have used phishing emails intended to spread malware and ransomware and have targeted multiple industries, including hospitality, government, education and research, transportation, and healthcare.

This month’s cyberfraud activity increase has been reported as four- to sevenfold over February. Among other scams, the emails purport to ask for charitable contributions and offer fake stimulus checks, testing kits, cures, and vaccines, and general information about the impact of the pandemic.

College students have also been victimized, as hackers have targeted them with faux administration announcements — ostensibly about campus closings and “virtual” class arrangements.
Especially since “work from home” is becoming the norm, organizations should warn their employees about such scams and follow standard cyber hygiene and cybersecurity precautions. Such measures include safeguarding login credentials and other sensitive information — especially in response to an email, verifying links to web addresses (by manually typing them in a web browser if at all suspicious), and looking closely for mis- or deceptive spellings and incorrect domains.

Certain telltale indicators signal an email’s lack of authenticity: It originates from an unusual sender and the link in the email looks suspicious (try hovering over the link to see whether it is familiar).

For further information, review this March 20 public service announcement from the FBI’s Internet Crime Complaint Center.