World Health Organization updates have been a vital source of information for governments and health professionals to stay across Coronavirus (COVID-19).
But did you ever pause to think that these might be fake?
Cyber criminals have seized upon COVID-19 as an opportunity to try to trick people into revealing their personal, banking and other information. Security experts have identified a surge in fake communications purporting to be from the World Health Organization and the Centers for Disease Control and Prevention.
This is phishing.
Phishing is more common than you might think. In January alone, Australians reported 2401 attacks, most of which came via text message (39%) and email (34%).
Phishing can take any form that your usual communication takes – in person, phone, fax, letter, mobile apps and online – but the end game is always the same. Cyber criminals are trying to steal from you. They are also opportunistic, as the WHO and CDC examples indicate, and will keep exploiting new opportunities and events as these occur.
Phishing emails are a particular weakness. Last year, 90% of cyber attacks in Australia started this way, resulting in reported losses of over $4M, with the real costs almost certainly higher than this.
With 6.4 billion phishing emails swirling around the world daily, you can expect that some will hit your inbox. These emails look real and pretend to be from organisations that you would expect to hear from (for example, WHO, Australia Post, banks, Amazon, government agencies, law enforcement agencies, utility companies, shipping and logistics). They are basically trying to trick you into:
- Downloading software that can attack and lock your computer or network. Ransomware or crypto lockers are the most common.
- Clicking on a link to a fake website. Although these sites look real, they have been created to trick you into logging in. Once cyber criminals have your username and password, they can access your accounts, steal your data and identity, and even use your computers to launch other attacks.
Some types of phishing are easy to spot. Others, such as spear phishing, are difficult even for professionals to recognise as they are tailored for you personally.
The most important steps you can take to protect yourself and your team against phishing are:
- NEVER click on a link unless you are absolutely sure it is genuine
- Check the sender’s email address AND hover your cursor over the website link to see where it really points
- Navigate to the website rather than clicking on the link
- Look for spelling or grammar errors or slight font and logo differences
- Remember that a credible organisation will never, ever ask for your personal, financial or health information by text or email.
Investing in cyber security is important.
Always contact your IT provider for specific advice.
Visit www.fred.com.au for additional resources on cyber security and phishing, and to find out about Fred Protect, our new cyber security service.
Andrew McManus is General Manager, Managed Services at Fred IT Group.
- The World Health Organization advisory can be found here: https://www.who.int/about/communications/cyber-security
- Based on the Australian Competition and Consumer Commission’s Scamwatch figures for January 2020: https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing