When events like the outbreak of Covid-19 become projected on a global audience, cybercriminals try to exploit fear and uncertainty for financial gain. This is nothing new, with the FBI warning of phishing scams associated with Hurricane Katrina all the way back in 2005. Inevitably, malicious links posing as health advice have been popping up. There are however certain steps that people can take to mitigate against these attacks.
For decades now, phishers have used important current events like disasters to create urgency and disrupt the normal context their intended victims use to make judgements. Phishers may send emails pretending to offer information on COVID-19 or to raise money for relief, or they may send “urgent” messages stating that they matter specifically to whichever individual receives the message. These messages will be used by the phishers for their normal ends, most often to install malware or steal login information.
Certificate-signed emails from authenticates sources are immune to this sort of spoofing. Those seeking to protect their brands from being co-opted by phishers can sign their outgoing emails, making them verifiable by receiving parties.