Computer Weekly has called COVID-19 the biggest-ever cybersecurity threat, thanks to the sheer scale of the social engineering attacks that seek to prey on users’ fear of the virus and the economic insecurity it has wrought. As the disease has spread around the globe, hackers have followed, targeting each new group of potential victims as COVID-19 has taken hold in their regions. 

The threat of contracting a serious, potentially deadly, illness is terrifying, but the last thing you need while you’re trying to keep yourself and your family healthy is to fall victim to a malware or ransomware attack, too. As millions around the country and the world are confined to their homes, and millions more struggling to make ends meet as they navigate being out of work for an unpredictable length of time, you need to stay vigilant against COVID-19-related cyber attacks. Follow these tips to stay safe.

1) Be Wary of Emails Claiming to Offer Hygiene or Safety Information, Cures, or Treatments

COVID-19-related phishing emails have skyrocketed, with Google reporting 18 million COVID-19 related phishing emails in the first week of April alone. While some of these emails may offer real health or safety information, they’re not going to say anything you can’t learn from reading legitimate news sources, asking your doctor, or checking the World Health Organization (WHO) website. 

You should also disregard emails offering cures or treatments. Some attacks offer to lead users to covered-up information about secret cures or treatments, playing on many users’ distrust of government or medical authorities. As of this writing, there are no cures for COVID-19. There is not yet a vaccine, and there are not yet any effective treatments for the disease. However, researchers are working around the clock to develop treatments and a vaccine, and when they do, it will be all over the news. 

2) Avoid Downloading Apps or Attachments about the Coronavirus

On April 1, 2020, the US Secret Service warned against fraudulent COVID-19-related emails containing malicious attachments. A common one has been an email purporting to offer COVID-19 hygiene tips from an Italian WHO official. The email contains a Microsoft Word attachment that, when downloaded, executes malicious code on the user’s device. 

It’s always a good idea to avoid opening email attachments you weren’t expecting from people you don’t know. But, with scammers and hackers capitalizing on people’s fears of contagion, it’s especially vital that you avoid opening email attachments from strangers who contact you with health and safety tips aboutCOVID-19, supposed information about cures or treatments, or even apps designed to help you track the progress of the disease. One popular malware attack offers users a free mapping app that can track cases of COVID-19 around the world in real-time. While the map looks legitimate, it contains malicious malware. If you want a COVID-19 tracking map, download one from a legitimate source, and make sure to read the reviews first.

3) Recognize the Signs of Phishing Attacks

Knowledge of phishing attacks and other social engineering strategies that criminals use to gain access to your personal information and devices is your most powerful weapon. Learn how to recognize phishing scams so you can avoid them. Remember that email may not be the only medium phishing scammers use — they may also send text messages or place phone calls in which they claim to be from the IRS or some other government agency, your bank, or some other organization with which you do business.

4) Consider Additional Identity Protection, If You Don’t Already Have It

The prevalence of data breaches at huge companies like Target, Facebook, T-Mobile, and even at some government organizations means that, even when you practice internet security perfectly, you might still be vulnerable to identity theft. That’s why you should consider additional protection for your identity if you don’t yet have it. Choose a reputable product like Trend Micro ID Security to monitor the dark web for your personal information, including your email address, passwords, and credit card information.

5) Use a Good Spam Filter

If most of the phishing emails the target your inbox get filtered out by a strong spam filter, then all the better. On a good day, at a moment when you’re alert, calm, and thinking clearly, you might have the wherewithal to delete spam emails unread. But you’re not always going to be at your best. You might be stressed out, anxious, or simply groggy when you open a spam email and act on emotion, rather than stopping to think things through. A good spam filter lowers the chances of that happening, even if it can’t eliminate them altogether.

COVID-19 is scary enough without throwing in malware threats, too, but they exist and they’re everywhere — perhaps they’re even more common than the virus itself. Stay alert against COVID-19-related malware threats, so you can protect your precious personal information just like you protect your health and physical safety.