Phishing is a type of online fraud aimed at gaining access to confidential user information, such as logins and passwords. This is achieved by sending mass emails or social media messages on behalf of well-known organizations, such as banks. Fraudsters often take advantage of health scares to spread fraud. The COVID-19 pandemic continues to generate dozens of such campaigns that scare recipients into clicking on malicious links or attachments in emails, text messages, or social media posts. CERT-UA continues to observe the distribution of malicious software (hereinafter “malware”), specifically through emails related to COVID-19.
Examples of COVID-19 fraud:
- Fake messages from healthcare organizations (e.g., the Ministry of Health)
- Fake messages from an employer about policies or procedures to address risk
- Information about protecting yourself, your children, or your community that contains malicious links or attachments
- Charitable appeals to virus victims that are not legitimate
Signs of phishing emails:
The sender's address
Check the address character by character. One warning sign is a message sent from a public email domain, such as @google.com. The best way to check the domain name of an organization is to enter the company name into a search engine.
Subject line
The subject line of a phishing email may contain a summary of the message, or the name of a government agency on whose behalf the attacker claims to write. It may also contain deliberate typos.
Message content
The content of the message is often pressing in tone and demands action from the user as soon as possible. You can often tell if an email is a scam if it contains poor spelling and grammar. Legitimate companies do not ask for your sensitive information via email.
Attachments
Phishing emails contain a payload. It will either be an infected attachment that you will need to download or a link to a fake website. You should pay attention to the attachment extension. The purpose of these payloads is to collect sensitive information such as registration details, credit card information, phone numbers, and account numbers.
Remember to be careful with your personal information when you surf the Internet, and be wary when someone asks you to disclose sensitive information about your identity, finances, or login details.
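The sender-address and attachment-extension signs above can also be checked automatically; the following is an added example, not part of the original page. The domain `university.example`, the public-domain list (apart from @google.com, which the page names) and the extension list are assumptions chosen for illustration.

```python
import os
from email import message_from_string
from email.utils import parseaddr

EXPECTED_DOMAIN = "university.example"  # assumption: the organization's real domain
PUBLIC_DOMAINS = {"google.com", "gmail.com", "outlook.com"}  # assumption: sample list
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".iso", ".docm"}  # assumption

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_message(raw):
    """Return warnings for the sender-address and attachment signs."""
    msg = message_from_string(raw)
    warnings = []
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in PUBLIC_DOMAINS:
        warnings.append(f"sender uses public mail domain: {domain}")
    elif domain != EXPECTED_DOMAIN and edit_distance(domain, EXPECTED_DOMAIN) <= 2:
        # Character-by-character comparison: nearly, but not exactly, the real domain.
        warnings.append(f"sender domain imitates {EXPECTED_DOMAIN}: {domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        # Only the final extension counts, so "policy.pdf.exe" is treated as ".exe".
        if os.path.splitext(name)[1] in RISKY_EXTENSIONS:
            warnings.append(f"risky attachment extension: {name}")
    return warnings

# Constructed sample message (not taken from a real campaign).
SAMPLE = """\
From: "Ministry of Health" <info@univers1ty.example>
Subject: COVID-19 policy update
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Disposition: attachment; filename="policy.pdf.exe"

AAAA
--b1--
"""

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```
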
Examples of fraud in the Microsoft 365 university portal
What to do.
- Do not click on links in emails
- Delete such emails
Tip.
Use strong passwords to protect your data:
- Password length: The longer your password is, the harder it is to crack, so there is no “perfect” length, but we recommend using a minimum of 12 characters to meet minimum security requirements.
- Password combination: Use a combination of lowercase and uppercase letters, numbers, and