Phishing Attempts Rising During COVID-19 Pandemic

Blues Perspectives

| 3 min read

Person on Computer
With many businesses making the switch to remote work during this time, cybercriminals have spotted an opportunity. The Blue Cross Blue Shield of Michigan Information Security team has noticed a recent increase in COVID-19-related scam attempts aimed at health care and insurance industries. These social engineering scams can take the form of phishing emails, text messages or robocalls from cybercriminals offering testing, vaccines, discounted masks and supplies. Their hope is to trick users into providing sensitive information, which is ultimately used for monetary gain. The Many Forms of Social Engineering Social engineering can take a variety of forms, from the digital world to the physical. But a recent slew of attacks has been launched at both companies and individuals, taking the guise of COVID-19 communications. If you receive an unusual email regarding COVID-19 that prompts you to take an action, you may be the target of a phishing or spoofing attempt. Spoofing is a particularly tricky form of social engineering wherein emails, websites, IP addresses and more are disguised to appear as a known, trusted source. Users that are familiar with a site or source tend to feel more comfortable clicking freely on links or responding to these communications, making this a prime tool for hackers to access personal data. Protect yourself from Email Phishing:
  • Never click on links in emails related to coronavirus, even if the source seems credible.
  • Hover your cursor over links to determine if the sender is authentic by assessing their email address.
  • Do not reply to suspected scam emails.
  • Contact the company or sender directly using official contact information to verify the authenticity of the message.
  • Do not use your company email to subscribe to subscriptions or services.
If you receive a phone call in which someone asks you to provide or verify any personal information that you did not request or have prior knowledge of, you may be the target of a Vishing attempt. Protect yourself from Phone Vishing:
  • Do not provide confidential information to anyone who calls about your identity, health insurance or personal information.
  • Do not discuss member information, protected health information (PHI) or personally identifiable information (PII) with callers who you have not verified.
  • Hang up and call the person back directly if you suspect the call is a spoofed number. For Blue Cross Blue Shield members, simply call the number on the back of your card, if the call seems suspicious.
  • Use Skype for Business to contact colleagues and verify the audience on the meeting prior to discussing confidential information.
Protecting Your Information Is More Important Than Ever In addition to an increase in social engineering scams, there are currently several websites and maps that are reporting virus statistics. Some of these websites are introducing malware into computers and devices. Many of these websites look like credible sources—making them particularly effective at breaching data—which is why it’s important to get information about the virus from trusted sources such as Blue Cross Blue Shield of Michigan, Centers for Disease Control and Prevention and the State of Michigan. The COVID-19 virus has caused unprecedented disruption around the world, but we’re here to help in any way we can. Remember to stay vigilant in protecting your information online by looking carefully at the links you click and the websites you visit. Click here for regularly updated information about COVID-19 from Blue Cross. Related Content:
Photo Credit: Simon Abrams
MI Blues Perspectives is sponsored by Blue Cross Blue Shield of Michigan, a nonprofit, independent licensee of the Blue Cross Blue Shield Association