Identify and Defend Against COVID-19 Email Scams

COVID-19 email scams are on the rise and more clever than you’d expect. Don’t be fooled!

We all know that opening strange email can have dangerous consequences, right? Unfortunately, that message hasn’t connected with many people as it pertains to enticingly designed new COVID-19 email scams. Here are some of the most devious scams we’re seeing right now, and recommendations for how to keep these scams from giving cybercriminals an open door into your data and systems.

Training is essential to ensure that your staff isn’t endangering your compliance with data privacy laws or putting you in danger of a breach, and it’s ideal for combating the increased phishing attack danger that comes from a remote workforce.

Attachments with “official information” about relief programs or health information from a government agency or the UN

The fastest way to defend against unexpected government email is to delete it without opening it. The US government will NEVER ask for any personally identifying information via email. The US government and WHO will NEVER send you unsolicited informational emails. Unless you’ve specifically requested or signed up to receive information on a subject, those messages are always a trap. Register for official relief and information efforts from the organization in question’s website directly. As an aside, the US government doesn’t charge “application” or “processing” fees either, so that’s another clue that it’s a scam.

Invitations to Zoom meetings, or “new meeting room” links

Do not open, follow or accept links to Zoom meetings that you aren’t expecting. If you get an email from Zoom that indicates that an expected meeting has changed to a new room, verify it with the organizer. Avoid discussing sensitive information or transmitting sensitive information via Zoom. Use waiting rooms to control meeting traffic and avoid “Zoombombing”. It’s better to over-secure your Zoom than under-secure it, no matter how inconvenient that security might be.

Links and PDFs from DocuSign or a similar service

Don’t interact with unsolicited links or PDF’s. We’re all doing more business remotely, and that includes transmitting and receiving documents containing sensitive information that need to be reviewed and signed. If you receive an email about a document waiting for your review or asking for sensitive information, vet it carefully. If you’re not expecting anything like that, but a DocuSign link requesting your action shows up in your mailbox, contact the sender for verification before you open it.

Up-to-date training mitigates these threats quickly

Committing to regular training and testing on new email threats is the best way to keep from falling for these email scams. Rent-A-Nerd, Inc.’s Enhanced Cybersecurity offers the fastest, smartest, and most affordable way for any organization to manage phishing defense training.