Coronavirus Online Scams!!!

Rahul Gothwal
Apr 4, 2020

!!ALERT!! Scammers Are Taking Advantage of Coronavirus Crisis

Beware of online COVID-19 Phishing Scams

In tandem with the worldwide chaos caused by COVID-19, the virus is now creating havoc in the online world too. Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. They do this with offers of discounts and freebies on products, lists of safety measures against the virus, and updated information on COVID-19. E-mails are also being used to sell fake medical products and push fake job offers. Social media scammers are also luring people into fundraising for COVID-19 victims.

The interesting thing to note here is that these fake emails appear to come from the real domains of renowned health organisations like the WHO, UN, ICMR (Indian Council of Medical Research) and tech giants, in order to steal crucial information, money or your personal data.

A scam email spoofing the WHO’s domain. (Sophos Labs)
A scam email spoofing the WHO’s domain. (Malwarebytes Labs)

These are just two of the many fake emails that have spoofed the WHO’s domain name during this pandemic. Some of them carry attachments that can install malware on your devices, open a backdoor and carry out many other harmful acts.
Yeah, you are right, it should not be this easy to impersonate a global health organisation. And yes, there is a way for organisations to prevent spoofing of their domains.
The simple method is an email authentication system:
SPF (Sender Policy Framework)
DKIM (DomainKeys Identified Mail)
and DMARC (Domain-based Message Authentication, Reporting and Conformance), which is built on SPF and DKIM.

What is DMARC?

DMARC is a widely accepted email authentication policy and reporting protocol that ensures that only authorized senders can send email using the domain in the From: field of their email messages. DMARC also includes a reporting mechanism: email receivers can tell the domain whether the email they received passed or failed authentication. These reports let the domain owner or their DMARC vendor see who is using the domain to send email.
When your domain is configured for DMARC and set to an enforcement policy, email recipients will reject (block from delivery) or quarantine (move to a spam folder) any messages from senders not authorized by your enforcement policy.

This is how DMARC filters fake and untrusted emails.

The WHO has enabled SPF, but there is no DMARC record for who.int.
You can check for a DMARC record here.

How to Protect Yourself?
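What a DMARC record check evaluates, as an added example that is not part of the original post: the script classifies the TXT records a lookup of `_dmarc.<domain>` would return. The domains and records in `SAMPLES` are constructed, the function names are hypothetical, and no DNS query is made.

```python
# Added example: classifies constructed TXT records, performs no DNS lookup.

def parse_dmarc(txt):
    """Parse one TXT string; return its tags as a dict, or None if not DMARC."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the version tag must come first and read exactly v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    return tags


def dmarc_posture(txt_records):
    """Classify the TXT records published at _dmarc.<domain>."""
    records = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not records:
        return "missing"      # receivers have no policy to apply to spoofed mail
    if len(records) > 1:
        return "invalid"      # RFC 7489: several records means DMARC is not applied
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"      # simplification: no fallback to p=none via rua
    if policy == "none":
        return "monitoring"   # reports are sent, spoofed mail is still delivered
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    # pct below 100 applies quarantine/reject to only a share of failing mail
    return "enforced" if pct == 100 else "partial"


SAMPLES = {  # constructed records for hypothetical domains
    "no-dmarc.example": ["v=spf1 -all"],  # SPF only, like the case described above
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "half.example": ["v=DMARC1; p=quarantine; pct=50"],
    "strict.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "dup.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(f"{domain:18} {dmarc_posture(txt)}")
```

Only the "enforced" and "partial" results correspond to the reject or quarantine behaviour described above; "missing" and "monitoring" leave spoofed mail deliverable.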

Do not open any unsolicited e-mails, and click only on those that are from known and trusted sources. It’s critical that you don’t click on any links or attachments in such mails. Also check all mails for authentic URLs, domain names and spelling errors. If you need any information, go to the official websites of the organisations.
In case of financial transactions, you should cross-verify with the recipient before making the payment, and avoid making payments to untrusted sources asking for corona relief funds.
Get the latest version of operating systems and upgraded security patches.
You should also have multifactor authentication and encryption. It’s also important to segregate your personal and work-related data.
Do not download any attachment with .zip or .exe file format.

These are just some preventive measures, but the first line of defense is you yourself, so think carefully before making any payment or taking any action online.

Stay safe
