As many of us have settled into working from home, it’s important to be aware of the increased phishing and other social engineering activity that’s occurring due to COVID-19. Attackers are relying on people being unprepared for the change in work situations and eagerness to learn more about the pandemic. There has also been an increased amount of phishing related to financial institutions or situations. This is likely due to the impacts on the financial markets and fear of financial instability.
Some quick tips:
Avoid clicking on links in unsolicited emails and be wary of email attachments. Especially if you haven’t directly spoken with the person who sent it. If you are unsure, you should call the sender to verify if the email is legitimate. Don’t send an email to confirm. While your workload is most likely piling up with new challenges, it’s important to take the extra time to question what you’ve received.
Use only trusted sources for information, like government websites or a company’s website, for up-to-date information.
Don’t enter your user ids and passwords into any site you don’t recognize as part of your daily work.
Don’t give out personal or financial information in email, and don’t respond to email solicitations for this information.
No one should request your user id and password, including someone from your IT department.
Remember, if something doesn’t look right, it’s best to take some time to research it further or to report it to your Information Security or IT department.