A business man using a laptop containing a COVID-19 email phishing scam. As cruel as it is, there are scammers out there looking to exploit this pandemic for personal gain. Cybercriminals are posing as organizations and sending out phishing emails – emails designed to persuade one into forfeiting private information – disguised as coronavirus resources. These phishing attacks can look convincing enough to fool users into giving up personal information or downloading an email attachment containing malware. During these trying times, it’s important to understand how to protect your business against these COVID-19 phishing scams.

How to Spot COVID-19 Phishing Emails

COVID-19 phishing emails can arrive in your employees’ inboxes in a variety of forms, seeking to prey on struggling businesses during this troublesome time. They will hide malware in links and attachments purporting to contain helpful resources. Examples of what these phishing emails may look like include:

Workplace policy updates: Cybercriminals can target a workplace email account, and if the recipient clicks on the counterfeit company policy, they’ll inadvertently download malware.
Health advice: Phishing emails may claim to offer medical advice regarding the coronavirus and will provide manipulated links and attachments claiming to contain tips and safety measures.
CDC alerts: Some emails will claim to be distributed by the CDC. They may provide a link that falsely claims to offer a list of COVID-19 cases in the surrounding area.

How to Avoid a Phishing Attack

COVID-19 phishing emails will try to lure users into clicking on a link, downloading an attachment, or providing personal information. The intent is to commit fraud, identity theft, or a data breach, so to avoid such harmful events, it’s important to instruct your employees to do the following:

Analyze the email address and link: If the email address is unrecognizable, avoid interacting with the email in any way. Also, hover your mouse over the link without clicking it, a small window will pop up with the URL. If the URL appears untrustworthy, avoid clicking it.
Check for spelling and grammatical errors: Trustworthy organizations are dedicated to professionalism and will not send out an unproofread email.
Be wary of requests for personal information: A government agency won’t ask you to provide personal information via email.
Avoid emails insisting an urgent call to action: Phishing emails often call for one to “act now.” They try to use a sense of urgency to drive a user to engage with the email without thought.

Beyond teaching your employees about the warning signs of phishing attacks, instruct them how to safely use public Wi-Fi as they will no longer be benefiting from your network’s security.

How to Protect Your Business

With the evolution of cyber threats, your business must be protected from data breaches and loss of finances, especially if your employees are now working at home. Beyond instructing your employees to forward any suspicious emails to your IT professional for further analysis, cyber insurance is one of the most effective means of safeguarding your business. In the event that you or one of your employees becomes a victim of one of these COVID-19 phishing emails, cyber insurance can cover the costs of investigation, monetary losses, and lawsuits relating to the cyber breach.

Your business’s and employee’s welfare benefits from your knowledge of cybersecurity. Learning to protect your business against COVID-19 phishing scams can prevent data breaches and shield your employees from the theft of their personal information. TJ Woods Insurance can pair you with the right cyber insurance policy and aid with all other aspects of business insurance. To find out how we can lend a hand during these trying times, contact us today.