Be especially wary of unsolicited phone calls offering COVID‑19 tests or vaccines. Hang up and use a phone number you know is correct. If you didn’t make the call, then you’re not able to verify who is on the line requesting information. Never send personal and/or financial information by email or text or volunteer information over the phone if the call seems suspicious. Learn more about spotting fake websites and online apps. If an offer sounds too good to be true, it very likely is. Also be wary of online ads for cheap or scarce items like personal protective equipment and cleaning products.Up‑to‑date information about COVID‑19 can be found on the Public Health Agency of Canada website or on your provincial health agency website. Instead, use contact information that you know is correct. If you have any doubts about a text or email purporting to contain health information or requesting donations for Canadians affected by COVID‑19, don’t use the toll‑free number, e‑mail address or website address provided because they may link you to the fraudsters. Fraudulent emails and texts can look like they come from a real organization. There are simple steps you can take to avoid becoming a victim of a pandemic-related scam: Email and text scams can also attempt to trick you into installing malware on your computer or mobile device. Phishing text, email and phone call scams are attempts to trick you into volunteering personal information to criminals, including your credit card information.
How to spot pandemic-related phishing, text and phone scams In recent variations of the scam, fraudsters have been trying to trick Canadians into installing malicious COVID‑19 notification apps or calling with offers of fraudulent home vaccination kits for an up‑front fee. In some versions, the email scams may include logos or branding for the World Health Organization or other government or public health agencies. The calls and emails may look and sound authentic.
However, many cybercriminals are becoming more sophisticated at creating authentic-looking messages, and are using professional marketing techniques to test and improve the effectiveness of their emails.Scammers are taking advantage of the novel coronavirus disease (COVID‑19) pandemic by sending fraudulent emails and making phone calls that attempt to trick you into revealing your personal information or clicking on malicious links or attachments. Some phishing emails can be identified due to poor copywriting and improper use of fonts, logos, and layouts. Via these websites, attackers attempt to collect private information like usernames and passwords, or payment information. Attackers often set up fake websites, which appear to be owned by a trusted entity like the victim’s bank, workplace, or university. Attacks are carried out through malicious attachments or links to malicious websites.
Typically, the emails the victim receives appear to come from a known contact or organization.
The phisher can then use this information to create a reliable fake message. These sources are used to gather information such as the potential victim’s name, job title, and email address, as well as interests and activities. The basic element of a phishing attack is a message, sent by email, social media, or other electronic communication means.Ī phisher may use public resources, especially social networks, to collect background information about the personal and work experience of their victim. The email claimed that the user’s account was deactivated due to too many login failures, and linked to a fake Amazon Billing Center website, which instructed the user to re-enter their payment information. In September 2020, attackers sent a phishing email, which appeared to be from Amazon, attempting to steal user credit card information. The messages attempted to trick the victim into clicking a malicious link that redirected to a fake Microsoft login page.Īmazon phishing email attempts to steal credit card information: In August 2020, attackers sent phishing emails attempting to steal Microsoft account credentials. Here are two examples of recent phishing attacks, discovered by Check Point researchers.Īttempt to steal credentials for Microsoft accounts: The brands most commonly used by attackers in fake phishing messages were Microsoft, DHL, and Apple. Phishing Attacks: Statistics and ExamplesĬheckpoint Research recently released the Brand Phishing Report for Q3 2020, which provides data about phishing attacks that attempt to imitate well known brands.Īccording to the report, email phishing was the most common type of branded phishing attacks, accounting for 44% of attacks, and web phishing was a close second.