As Check Point notes, “Hackers around the globe have found the coronavirus serving them well as an enabler of their activities, and are still riding the wave of the epidemic.”

Successful phishing messages may be hard to distinguish from real messages, which is why we list below some of the most common signs of phishing.

Common signs of a phishing attempt:

Misspelled URLs – If you get a message purporting to be from a legitimate organization, confirm that any link in the message matches that organization’s official URL before clicking on it. For example, the World Health Organization (WHO) reported suspicious email messages about the COVID-19 emergency pretending to come from them.

Requests for sensitive information – These can include requests for passwords, financial information, usernames, or credit card numbers. Avoid providing unnecessary personal information, and consider why the sender is requesting it and if sharing it is appropriate.

Spelling and grammatical errors – Another potential giveaway is the use of unusual wording and generic, non-personalized greetings, such as “dear customer.”

Unusual senders – Another red flag is if the message comes from an unexpected sender, such as someone the receiver does not know or does not communicate with regularly.

Suspicious links – Check any links before clicking on them by hovering your cursor over the link–this may show it points to a fraudulent site.

Cyber risks when remote working or learning from home

With health officials calling on us to practice social distancing to prevent the spread of the coronavirus, working from home has become increasingly common. But the fact that many of us and our colleagues will be working online without the usual protections of our office or school IT systems—which tend to catch and filter out most spam, malicious or otherwise—make us especially vulnerable to cyber-attacks.

A solution to keep your organization’s data safe while working remotely is to use a virtual private network (VPN) as your organization’s online network for remote work. VPNs connect devices to a secure server, allowing users to avoid insecure home or public wi-fi networks. They offer users an extra degree of privacy by obscuring their actual location (their IP addresses will point to the location of the server, not their actual device). Some VPNs connect users to overseas servers, allowing them to access online material (such as streaming media from other countries) normally inaccessible to U.S.-based users. In addition, all data on a VPN is encrypted, adding an extra layer of security.

VPNs, like any other network, however, still have their vulnerabilities. According to the U.S. Department of Homeland Security – CISA: cybercriminals are increasingly finding ways to infiltrate them, both by identifying their technical vulnerabilities and through phishing emails tricking employees into revealing their usernames and passwords. Adding to their vulnerability is the fact that many organizations fail to keep up with the latest patches and security updates because the network is active around the clock. By being proactive and following a few simple strategies, however, you can ensure your organization stays secure and user-friendly while everyone is working or learning from home.

Guidelines for remote working and learning:
• Confirm that everyone has the technical resources needed for remote work, including a strong internet connection and an up-to-date computer.
• Ensure the security features of the VPN and all devices using it are updated regularly.
• Scan all remote assets for viruses and other potential security issues.
• Implement two-factor authentication for logins.
• Implement controls to block users from browsing potentially malicious sites from home.
• Train your team to recognize and avoid phishing attempts
• Have a response plan in place in the event a data breach occurs.

Coronavirus and cybercrime fake news

COVID-19 and cybercrime: What you need to know

In times of uncertainty, bad actors can exploit the public through rumors and intentionally false information. The growing dissemination of “fake news” about the coronavirus, such as reports that the disease can be cured by silver compounds or other substances, can not only panic and harm those who consume it, but is often intended to generate chaos and mistrust. Such false information may be passed along innocently, or may be propagated by entities with an interest in disruption, profiteering, or pushing a particular agenda. These can include government-led organizations, cybercriminals, and hacktivists.

How to identify “fake news” and disinformation:

Source evaluation – One of the most important steps is to review the reputation and credibility of the media source. If the source is not well known, you should identify its views and biases by reviewing its background and other content it published. Note that a source can look credible, but in fact, the article can be hosted on a different domain. ABCNews.Com.Co was a website that used to post fake news stories and have its stories seem legitimate only by similarity to another reliable news source.

Author evaluation – Every text you find online has been written by a person or persons with their own set of beliefs and values. A good way to understand who the author is is to try to look for other articles by them on the same site and see the author’s viewpoint. They could also have their details on a page listing their history and experience, which is assuming an author is a real person and not a pseudonym. Credible writers will usually try their best to keep in line with reporting high-quality content based on relevant data, and not jump into far-fetched conclusions or make bold exclamation without a strong basis. Checking this kind of information out could also help your assessment of how reliable the article is.

Suspicious accounts on social networks – Social media accounts, posts, tweets, blogs, and other social channels generate a significant amount of information and disinformation. Content, once posted, can spread online like fire, even when there’s no real person behind the accounts. The content they generate is liked, retweeted, and shared by unsuspecting users. Most social media services today are flooded with accounts opened only for those reasons, so much that current assessment is that 5 percent of users are not genuine and can be called social bots. In the context of the coronavirus crisis, the activity of some of these fake users is on the rise, and social media giants like Facebook are trying to fight the spreading of the COVID-19 fake news.

Read beyond the headlines – Many times, a headline represents a limited part of the story, in an attempt to generate more traffic for the article. For that reason, headlines can sometimes seem like “clickbait,” expressing an exaggerated stance or using strong phrasing. Those kinds of headlines attempt to generate a reader’s emotional response, basing their action on the fact that many people don’t read more than the headline. Whenever you encounter a headline like this, consider it another hint for fake news.

The coronavirus crisis is not only a health issue–it’s changing the way we work, learn, travel, and interact with each other. Therefore, keeping safe in this new situation requires us to be vigilant to digital threats, cyber-attacks, and online crimes as well. This is true for our organizations, ourselves, and our loved ones, including our children who learn from home and spend a significant amount of time online. We need to join forces to fight these threats together.

Want to share a great resource? Let us know at

About the Author:

Roy is the founder and CEO of Cybint, a cyber education company. As a retired Israeli Defense Forces Major, Roy has more than 15 years of experience in cybersecurity and intelligence operations and has developed cyber education programs and technological solutions for companies, educational institutions and government agencies around the world.