As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other cybercriminal scams targeting a largely at-home workforce.
Meanwhile, researchers also are finding that cyber-criminals are continuing to spoof organizations that are providing COVID-19 updates to the public. For example, IBM X-Force found recent phishing emails spoofing the World Health Organization and claiming to come directly from Dr. Tedros Adhanom Ghebreyesus, the director-general of the United Nations organization.
The FBI issued a warning Friday after agents reported seeing COVID-19 phishing campaigns and scams that use government economic stimulus checks as lures. The FBI also warned of messages spoofing the U.S. Centers for Disease and Prevention, a tactic fraudsters used earlier.
“Look out for COVID-19 phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government,” the FBI alert warns. “While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money.”
Remote workers are also a big target for COVID-19 phishing scams. The security firm AppRiver found cyber-criminals targeting at-home employees with messages that notify workers of a positive COVID-19 test within their organization. The messages contain malicious attachments disguised as protocols that the company is undertaking as well as a “flyer” that recipients are asked to open, read, and print out, according to AppRiver.