As people search for information about COVID-19 vaccines, cyberattackers are targeting people to give health care information, payment or passwords for scams related to the pandemic.
Vinayak Tanksale, Ball State senior lecturer of computer science, said phishing scams and misinformation are spreading quickly on social media as more people fall victim to these cyberattacks.
“There are certain attacks of misinformation being spread about facts — those are pretty much targeted to a core group that hold a certain position,” Tanksale said. “The number of cyberattacks have been going up the past 20 to 25 years.”
Tanksale said anyone can be targeted in a cyberattack through links or information that looks real but might actually be dangerous. He said each attacker has a preferred demographic in their attacks, and older generations are likely the most at risk of cyber attacks because they might not know signs to look for in a phishing email.
Emails that come from untrustworthy sources, redirect users to unknown links or convey an unusual sense of urgency are three main ways to spot a phishing attack, according to the U.S. Department of Homeland Security. Tanksale said firewalls that block suspicious links from being opened are useful tools in cybersecurity for technology.
How to avoid phishing scams
What does ‘phishing’ mean?
Phishing is a cyber crime where someone posing as a legitimate institution tries to lure targets into providing sensitive data over email, phone or text message. Attackers often try to get information like banking and credit card details or passwords.
To avoid scams and protect your online identity and personal information, the Federal Bureau of Investigation offers these tips:
- Phishing attempts often change one character of a trusted source in phone numbers or emails. Carefully examine the email address, URL and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
- Remember that companies generally don’t contact you to ask for your username or password.
- Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own, and don’t use the one a potential scammer is providing. Call the company to ask if the request is legitimate.
- Be careful what you download. Never open an email attachment from someone you don’t know, and be wary of email attachments forwarded to you.
- Set up two-factor authentication on any account that allows it, and never disable it.
- Be careful with what information you share online or on social media. By openly sharing things like pet names, schools you attended, family members and your birthday, you can give a scammer all the information they need to guess your password or answer your security questions.
Source: Federal Bureau of Investigation
Subscribe to the Indiana Cyber Blog
Website visitors can subscribe to the Indiana Cyber Blog at in.gov/cybersecurity.
To test your own understanding of cybersecurity, go to the blog’s website, and click on the “assess yourself” tab.
Source: David Ayers, Indiana Department of Technology program communication manager
Tanksale’s advice is to “check before you share” or “check before you forward” to prevent inaccurate information being shared and any online identity thefts. One resource he recommends is Indiana’s Cyber Hub, a weekly blog that gives advice about how to stay safe online.
The Executive Department of Indianapolis started the Indiana Cyber Hub in December 2020 to combat phishing attacks and provide educational resources to prevent scams.
Chetrice Mosley-Romero, Indiana cybersecurity program director, said the blog works to be understandable for all audiences and attempts to feature blog posts from people from different backgrounds and job fields.
“Cybersecurity is everything,” Mosley-Romero said. “Tying it only to technology is why people still don’t understand cybersecurity.”
Mosley-Romero said the Cyber Hub works to organize its resources by job field to make it easier to navigate.
While the Indiana Cyber Hub launched last year, Mosley-Romero said her department hasn’t been promoting the blog much because her hope is people can explore the blog on their own time and find information most relevant to their personal lives. She said what exists on the blog right now has been helpful for schools and health care employees.
Particularly during the COVID-19 pandemic, Mosley-Romero said, schools have been popular targets of cyberattacks. This can be seen in “Zoom bombs” during online classes.
To promote web safety in a virtual classroom, the Indiana Cybersecurity for Education Toolkit suggests creating unique passwords for each Zoom meeting, avoiding posting Zoom links to social media and disabling screen sharing except for the meeting host.
In addition to safety advice, the Cyber Hub provides links to report a cyber crime, disproves common phishing scams and posts weekly content from different authors in their individual areas of expertise.
David Ayers, program communication manager for the Indiana Department of Technology, said blog users can choose specific topics of cybersecurity that apply to them. He said he thinks the Cyber Hub will get more visitors as people learn about and interact with the blog.
“The State of Indiana is working proactively involving the issue of cybersecurity,” Ayers said, “and, in turn, serving all Hoosiers.”
Contact Angelica Gonzalez Morales with comments at email@example.com or on Twitter @angelicag_1107.