Where crises bring unrest, the hour of those who think they can benefit from them increases. The Corona virus, which is currently keeping the world in suspense, is a current example of the absence of any moral code in cybercrime.
Michael Veit, security expert at Sophos, reveals how you can protect yourself from phishing attacks that are based on prominent topics and debates. Phishing emails are always a nuisance, but so far they have not been thematically offensive as a shipment tracking or personal email from a superior (spearpot phishing). But with the phishing attack, which is hidden behind an email in the name (and with the logo) of the World Health Organization (WHO) regarding safety instructions for the corona virus, we have once again received a phishing email with a particularly tasteless presentation. With one click, the recipient should download the security measures and – in doing so, catch something.
“Cyber criminals use every opportunity to find new victims whose data they can steal or whose smartphones and computers they can take over and infect with ransomware, for example,” says Michael Veit. “The exploitation of fears about the corona virus shows how perfidious and unscrupulous the perpetrators are. However, if you follow a few basic rules when using email and use up-to-date endpoint protection on all devices – including smartphones – you will prevent such attacks from coming to fruition.”
Pars pro Toto: Corona phishing attack
Phishing attacks all follow a similar choreography: Experienced readers of English quickly recognize the many spelling and grammatical errors in the email. The link you are asked to click on is also dubious: a compromised music site with a strange name that, at first glance, has no connections to any known health organization. However, since most emails are read on mobile devices, the “mouse over” function does not work there, which means that it is very difficult to check the sender address and links in the URL. The assumption that only PCs are susceptible to infection leads to more careless use of mobile devices and can accelerate infection.
[mk_ad]
Nevertheless: the scam site is very simple but effective. It looks like the original from the WHO. The only thing here is that the pop-up window entices criminals to enter data. In addition: The strong social preoccupation with the topic that phishing addresses means that information about it appears plausible: WHO, Corona, safety instructions. That sounds like a comprehensible causal chain.
Keep calm, think and take precautions – effective tips against phishing attacks
What can you do to avoid falling victim to phishing attacks that are tied to current debates? Sophos expert Michael Veit has put together eight proven security measures.
1. Keep calm.
Phishing emails want to pressure their recipients into clicking on a link. The rule here is to keep calm and not do anything at all. After all, this unsolicited advice was not commissioned. If you have urgent questions about the topic of the phishing email (whether Corona, climate protection, pension provision, etc.), it is better to do your own research.
2. Don't be impressed by the name.
Whether it's the WHO, the Federal Chancellor, the pension fund or the school management: cybercriminals know which addresses attract attention. Don't act hastily.
3. SPELLING and Gramatick.
Maybe not as noticeable as here, but they are there: errors. Reading carefully, even if it's just a small anomaly, can protect against a lengthy phishing attack.
4. Malware protection for smartphones and tablets
We protect our computers from viruses etc., but not the smartphone we use every day? Especially since checking links is hardly possible, a malware protection function is a sensible basis and, in combination with careful behavior, can significantly minimize the risk of infection.
5. Don't enter data into a form that a website would never ask for.
Why should the websites of the World Health Organization, Greenpeace etc. ask for email addresses and even passwords? When you look closely, this query usually makes little sense. Therefore, if in doubt, it is better not to enter anything. Or clarify the accuracy in a short phone call.
6. If the password fell into the wrong hands – change the password.
It may happen that you were unable to adhere to the “keep calm” advice. Data has been entered and now you notice the fraud. Then you have to act quickly and change the stolen password immediately before the criminals try it out.
7. Clean password hygiene
Passwords should never be used multiple times. This makes it very easy for fraudsters who have stolen the code word to get through all the accounts. A password system or a password manager can help here.
8. Two-factor authentication
More complicated, but very effective: two-factor authentication is a strong barrier for criminals and takes away the omnipotence of password theft because there is no combination partner.
Article image: Shutterstock / By ilyapfoto
Also read: No, smoking weed doesn't help against the new coronavirus!
If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:
📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.
Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!
* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!
Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )

