We are all aware of the steps for mitigating the spread of the novel coronavirus (COVID-19):

• Wash your hands.
• Practice social distancing.
• Report exposure.

But these are not the only activities to practice right now. Cyber-criminals are taking advantage of this health crisis and the emotional upheaval it creates to perpetrate their crimes. Therefore, we also need to exercise good internet hygiene. In a time of crisis or tragedy, bad actors don’t slow down; their efforts amplify. They want our money, our data, access to our employers and anything else they can possibly monetize.

The most common risk vectors are in phishing attacks and malware exploits. Most people—even the non-technically savvy—can detect many of these threats with just a little effort. The following actions will help:

1. Look at who is sending you an email. Most attacks via email use an alias so as to look official, but checking on the full email address can reveal a very different contact. Take the time to expose the full address of the sender and look carefully for typos.
2. Do not click on links from unknown sources. A common practice of bad actors is to share seemingly helpful information (e.g., a health notice or a readiness checklist) that require you to click on a link. Never click on a link unless the sender is someone you trust, and they tell you they have already clicked on it. This includes never clicking on a link in a forwarded message from a trusted sender unless they have already clicked on it; just because they forwarded it to you does not make it safe. Find a trusted source for your outbreak information, e.g., WHO.INT or a local health resource, and type their web address in yourself to go to their secure site.
3. Do not provide any personal data to new parties. Avoid the impulse to share information as a part of ‘global reporting’ or health census, as they likely are not legitimate. Only share details with your doctor. NOTE: people are already getting phone calls from callers who say they are from the US CDC (Centers for Disease Control), informing them that “your vaccine is ready.”
4. Only offer financial assistance to known and trusted NGOs. In a time of tragedy, bad actors appeal to the goodness in others. Check known resources of valid charities before giving, such as Charity Navigator, Guidestar.org or your local tax authority.
5. Tell others about these risks and mitigations efforts, especially older friends, neighbors and family members, as they are some of the most vulnerable to fall prey to these attacks.

For businesses, it is important to do a threat assessment and understand how your day-to-day operations may have changed during the pandemic. Consider revisiting your tools to scan your networks and your email. If you have employees typically in your building that are now remote, educate them on the risks and provide tools for identifying abuse.

At Afilias, we are practicing all the above as well as heightening our systems to the new specific pandemic related threats for the domains in our portfolio. We continue our commitment to reviewing 100% of all new domain registrations to do our part in mitigating this and all other technical domain abuse.

If you believe you have found an abusive domain, report it to your internet provider, the registrar for the domain name, or ICANN.

Meanwhile, wash your hands, watch for phishing attacks, and stay well!