With Covid-19 being something we all face in our daily lives, malicious actors are not giving up on scamming people out of not only their personal and financial information, but are also trying to get their victims’ money or even just installing a malicious software onto their victim’s devices.
The article linked below from Forbes is a good reminder that there are still many types of Covid-19 themed threats from phishing scams to fake websites.
Phishing Scams
Phishing emails are one of the biggest scams out there. As time goes on the scammers get more and more creative with their phishing techniques. With many people worried about Covid-19 and working from home, scammers are posing as loan specialists, health officials, and national authorities. For example, some scammers send emails that appear to be from the World Health Organization (WHO) or the Center for Disease Control and Prevention (CDC).
Here are some tip to look for to try and spot a phishing email:
Unfamiliar email address
Generic greetings
Spelling and grammatical errors
Sense of urgency or demand for immediate action
Request for banking or personal information
At UMBC we see phishing emails with scammers saying that they are from places like Cisco or Corestaff trying to give work from home opportunities to students. We have also seen attempts in which a compromised umbc account will be used to send out phishing emails. For more information on these scams or other tips please check out the DoIT security articles which are linked below.
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
Bogus Websites
Another common scamming technique is the use of fake websites. Scammers will provide a link to these websites in their phishing emails to make the scam more believable. The scammer tries to make the website look as legitimate as possible. They may do this by using similar domain names such as <www.umbc.net> instead of <www.umbc.edu>.
There are ways to try and make sure the website you are visiting is legitimate. Before you click, check the link! If you move your cursor over the link without clicking, the real link address should appear at the bottom of your browser.
Here are some other tips to help verify that a website is legitimate:
Check to see if the website has a secure connection, this can be seen at the top left of the search bar where there is a little lock icon.
Look for https in the URL instead of http, (the s stands for secure).
Verify the website's privacy policy if possible.
Check for contact information on the website, if there is no privacy or contact information that is a big red flag.
Watch out for signs of malware, meaning suspicious pop-ups and fake-looking ads.
Fake Advertisements
Similar to the creation of fake websites, scammers are creating fake ads. Scammers use fake ads to trick people into providing information for things like Covid-19 loans and stimulus checks.
Just as with phishing emails, these ads will have a sense of urgency to them. Using terms like “Act now before funds run out.” The important thing to remember here is to not click on ads on unfamiliar websites and pages. Please do not give out personal or financial information online if the person or site that you are giving it to is not secure and trusted.
Phony Phone Calls and Texts
Phishing campaigns are not limited to emails, but can appear in phone calls, text messages, and direct messages (DMs) on social media sites like Facebook and Twitter. If you receive a strange message or voicemail from an unknown sender or caller, do not respond or click on any links.
For text messages and DMs, use the same precautions as with phishing emails. Do not click on links from unsolicited messages, watch out for spelling and grammatical errors, and do not provide any personal or financial information.
For more information on tips to help protect against phishing scams done over text or DMs (also known as “smishing”) please check out this article: https://itsecurity.umbc.edu/critical/?id=94345.
When it comes to phone calls, use caution. Do not give away any personal or financial information over the phone, especially your Social Security number or bank account information. If you feel the call is suspicious, hang up. If the scammers are claiming to be from a company or a bank and you feel the call is suspicious, do not interact try to find the actual customer service number from the company’s website, to confirm if the call was legitimate or not.
For more information, please check out:
To read more articles published by DOIT visit: