South African managed IT security services company, Securicom, warns email users against opening coronavirus-related messages from unsolicited senders as cyber criminals up the ante amidst the Covid-19 outbreak.

Securicom has seen a substantial increase in malicious email messages containing the words “Coronavirus”, “COVID-19”, “virus pandemic” and other terms relating to the global outbreak of Coronavirus. Opening the messages and clicking on hyperlinks therein, exposes users’ computers and devices to malware and viruses.

“People should be very weary of opening emails with subject lines and online content relating to Coronavirus. Cyber criminals are using the pandemic to grab users’ attention and lure them into opening unsafe emails, click on malicious links and browse dubious websites. This could expose your computer and devices to malware,” says the company’s GM Richard Broeke, adding that Securicom has stepped up monitoring and security on its managed email security service, Securicom e-Purifier, to filter content and stop malicious messages before they reach customers email systems.

Coronavirus-related phishing emails and messages have also increased dramatically and are cause for everyone to be extra vigilant. Phishing is the fraudulent process of acquiring information such as usernames, passwords, banking details, credit card numbers and other sensitive information by posing as an entity or company that the recipient trusts. It is an example of the many social engineering methods used by criminals to con unsuspecting people into giving away personal details, which can put them at risk of identity theft and fraud.

Phishing is carefully targeted. Emails sms, and online messages are always cleverly disguised as official or legitimate messages from banks, popular social networking websites, and even company email administrators. The websites to which the links lead also appear legitimate. This makes it extremely difficult, if not impossible, for the average person to identify a phishing email or the website to which it is linked as fake. Furthermore, because phishing messages are cleverly masked as the real thing, it is not uncommon for traditional email security solutions like firewalls and anti-spam, anti-virus and anti-spyware solutions to miss detecting them.

“Phishing emails are designed to appear as though they are from a legitimate or trusted source to trick recipients into opening them and taking action such as replying with information, opening an unsafe attachment or clicking through to a malicious website. For example, there are campaigns that appear to be from the World Health Organisation offering advice on how to prevent Coronavirus infection. However, when opening the attached documents, users unwittingly install malware on their computers which steals banking info. Prudency is therefore strongly advised.

“We’ve said it before and we will say it again, don’t divulge your personal information to anyone or any company in an email or via social media. No legitimate institution will ask you to do that,” stresses Broeke.

He offers a few tips to avoid being phished:

* Avoid opening or responding messages that insist on immediate action such as “Buy now”, “Reply now”, “Click here now” etc. Phishing emails are designed to create a sense of urgency to urge you to respond with information. Rather delete the message straight away.

* Look for generic greetings such as “hello there”, “Good morning sir/madam”, or “Hi”. Emails from legitimate senders will typically use your name in the greeting.

* Never respond to emails or messages online asking you to divulge personal information. If you receive an unsolicited email from an institution that provides a link or attachment and asks you to respond with personal information, you can be sure that it is a scam. No legitimate company will ever ask you for banking details or other sensitive information in this way.

* Look at the email address. Legitimate companies will have a domain email address. Scrutinise the email address for discrepancies and slight alterations such as an extra letter or number. For example name@standardbank1.co.za instead of name@standardbank.co.za and name@discovery25.co.za instead of name@discovery.co.za.

* Check for spelling and grammatical errors. You can be certain that messages from legitimate sources will not contain errors. Delete messages with bad grammar immediately.

* Avoid emails with attachments. Real companies will not send attachments. Instead, they will direct you to visit their website to download documents.

* Never click on links in emails. If you really want to check the site out, copy the link into your browser and view it that way.

* NEVER transact on website that do not have “https” in the URL at the top of the page. The “s” at the end of “http” indicates that the website offers some level of security.

* Set up strong filters to send dubious emails straight to your junk mail folder. Don’t be tempted to open emails in your junk mail folder. Simply delete them.

* Make sure that your laptop / computer as well as your tablets, smartphone and other devices have up-to-date antivirus software.

Broke concludes saying that an integrated email security solution that uses industry leading tools is the best option for protecting against spam, malware and phishing.