March 31, 2020

Risk Management: Tips to Protect Your Workers from Phishing Scams Amid COVID-19

photo representing phishing scams amid COVID-19

With a majority of employees now working remote due to the coronavirus outbreak, phishing scams are on the rise. The fastest growing type of cybercrime, phishing is the fraudulent practice of sending emails claiming to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Once criminals have these credentials, they can use them to commit financial fraud or impersonate the real user to access corporate computer networks. Some of the emails also try to get people to download software (malware) onto their computer. The download contains a virus that monitors all activity on the device. If that computer is logged into a business network, an attacker could, potentially access information on the entire system.

Many of these scams are playing on fears of the coronavirus. The latest wave of phishing scams are repurposing standard phishing templates with coronavirus-related phishing scams. For example, you may see email subject lines like: “New coronavirus cases confirmed in your city” or “Cure identified for COVID-19.” Some also mimic those emails coming from the Centers for Disease Control (CDC) or World Health Organization (WHO).

The ways to spot these scams is not new, but your employees could probably use a refresher during this time of increased attack. Here are a few reminders of what to look for before opening emails:

  1. Examine the subject line for spelling errors and poor grammar. These are signs it could be a scam.
  2. Inspect the form address to determine if it has a letter or symbol out of place. This is a good indication it is bogus.
  3. Check the link – Hover on the link and look for misspellings as well as how the URL ends. A “.ru” on the end means the site was created in Russia; “.br” means Brazil.
  4. If the greeting isn’t personalized, the email may be fake.
  5. Be wary of emails asking for financial information. Never share personal or financial information via email or an unsecure site.
  6. Think before you click on links or open attachments, you could download malware.

Bottom line, if it seems off, delete it. Urge your employees to be extra vigilant before opening emails, especially if the subject is related to the coronavirus. Reminding them how to spot a suspicious email can help your company avoid a cyber breach.

If you have any questions or would like more information about how CBIZ can help protect your business from cyber exposure, please contact your local risk and insurance professional, or a member of our team.


Accelerated Recovery Resources

Access articles and tools to help your business generate cash, improve leverage, and align & transform as you recover from the pandemic.

COVID-19 Resources

Access all COVID-19 related articles to help your business respond to the pandemic.

Insights in Your Inbox