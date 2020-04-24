Cybercriminals are taking advantage of the current COVID-19 pandemic to circulate phishing emails to perpetrate scams and distribute malware.
Recent malicious emails center on the sale or provisioning of medical equipment or Personal Protective Equipment (PPE).
Emails may attempt to capitalize on human emotions related to fear and need. Messages observed have contained links or attachments that contain malware or redirect recipients to malicious websites.
Emails may be from third parties representing overseas companies, claiming to have appropriate, official scientific validation of their products.
Methods to Identify Potential Fraud or Malicious Emails
- Utilize an internet search engine to research information contained in the email before clicking on links or attachments.
- This information can include email and physical addresses, company name, and telephone numbers.
- If the sender claims to have been referred by a known government official or public entity, independently contact that official or entity for verification, using contact information obtained independently, not by what is provided in the email solicitation.
- Check company domain names (i.e. yourcompanyname.com) through domain analysis tools such as urlscan.io.
- Identify characteristics or factors that one would expect to be present for legitimate business interests in your industry (i.e. professional or business licenses). Consider having a process requiring solicitors to provide documentation consistent with the identified characteristics or factors associated with businesses in your industry. Many cybercriminals will not respond to these requests or be able to provide requested documentation.
Please report COVID-19 email scams to the Virginia State Police Fusion Center at vfc@vfc.vsp.virginia.gov.
