code-for-a-living March 23, 2020

Defending yourself against coronavirus scams


Like a lot of you, I’m pretty glued to the news these days, trying to balance unease with calm realism. In trying times like these, we look for resources for critical information and ways to help people less fortunate than us. That’s the good news; the better angels of our nature see difficult situations—fires in Australia, global pandemic, or violent weather—and think: what can I do to help? Most people have big hearts. 

The bad news is that there are folks who see these kind acts and seek to profit off our good natures. They’ll try to take advantage of you in this sensitive time. Like we need another thing to worry about. 

For example, I’ve been keeping an eye on the Johns Hopkins Coronavirus Resource Center. It has a great interface and real-time data. Some cybercriminals agreed, so they started selling a ready-made kit that uses the map to spread malware. This version loads up malicious .jar files (Java files) that can be run directly in a browser. There’s a warning, but if you allow it, you could be installing password-stealing software on your computer. 

I’m sure you’ve been getting a lot of emails lately about the coronavirus and how you can shift your behaviors now that it has affected our reality. Since we’re opening a lot of these emails looking for information, malicious hackers have found themselves a new phishing strategy. Since January of this year, over 4,000 coronavirus-related domains have been registered. Emails coming from these domains are 50% more likely to be malicious when compared with other domains registered during this period. 

To help you defend yourself against these scams, we asked our director of information security, Lynn Ballard, how to guard against them. Here’s what she had to say:

“As a security professional, these attacks are frustrating but there are things we can do to help protect ourselves:

  1. Your company can sandbox inbound email. This technique allows you to inspect the email attachment before it reaches your employees’ inbox. Also, incentivizing employees’ good email hygiene behavior (not clicking on unknown attachments or URL links and reporting suspicious emails) helps reinforce overall security awareness.
  2. As individuals at work, school, or home, you can do your part by considering what links in emails you click on. It’s ok to be skeptical of emails! For example, if you get an email from your bank with a link to their website, go to the browser and log in to your account directly rather than clicking on the email link. Also, be cautious of attachments in emails; malware can be embedded in Docx, PDF, and MP4s.”

If you get an email from a trusted agency, like the World Health Organization or the CDC, be extra suspicious. The WHO says that there have been a lot of phishing emails appearing to come from their offices. Email addresses can be spoofed (malicious mailers can make an email appear to be from anyone), so view all link URLs before going to those websites. 

Phishing scams often prey on your sense of urgency to get you to act without thinking. This is when you need to take a moment and consider whether this is a genuine email in need of your attention or something you should trash. Very few emails are as urgent as they claim; the situation may require fast action, but it’s still important to stay calm and take proper precautions to avoid attacks from cybercriminals. Slow down and proceed calmly. 

In fact, that’s good advice for us all right now. Slow down. We’re hurrying through our inboxes to tie up loose ends before our next meeting, so we run on our finely tuned instincts. But in times of stress, we need to pay extra attention and proceed with caution. Malicious actors prey on stress, but preparing and examining emails before you act can prevent the worst of their actions.
