The use of phishing emails claiming to offer COVID-19 grants rose rapidly in September 2022.
Since the start of the coronavirus pandemic, cyber criminals have tricked individuals and businesses into revealing sensitive information. A recent phishing campaign has been spotted across the USA that attempts to steal financial account details from business users.
How does this phishing attempt work?
In the latest reported phishing attack, users receive an email that claims to contain a COVID-19 grant application. This idea began in 2020, as small businesses that were suffering financial difficulties due to the pandemic applied for loans and grants from the SBA.
Promising grant money to all businesses and organisations, with no need to pay it back, the phishing email includes an “Apply Now” button that takes users to a survey form that must be filled out to determine if they’re eligible for the grant.
How to stay safe
A common rule of thumb in recognizing phishing threats is to look for grammatical, style, and usage errors. While this bad actor did a passable job, there are still inconsistencies that serve as a good reminder to take a closer look at suspicious emails – especially those that seem too good to be true. In this case:
- “Family’s” should be plural
- “Corona-virus” is not a commonly accepted usage
- “is offering designated states” is not grammatically correct
- Words are omitted in sentences throughout
- Repetitive, urgent language encouraging you to apply seems rather salesy
- The use of all caps in GRANT MONEY feels and looks unprofessional
Stay safe from phishing emails with SLAM
One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message to check before trusting it.
S = Sender
L = Links
A = Attachments
M = Message text
By giving people the term “SLAM” to use, it’s quicker for them to check suspicious emails. This device helps them avoid missing something important. All they need to do is use the cues in the acronym.
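The four SLAM checks can also be run automatically over a raw message, for example in a mailbox triage script. The following is an added example, not part of the original article: the names `slam_check` and `HrefCollector`, the Reply-To comparison, the threshold of three "apply" mentions, and the sample email with its `.example` domains are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a captured email; every address and domain is a placeholder.
SAMPLE = '''From: "Grant Office" <grants@relief-office.example>
Reply-To: claims@other-mailbox.example
Content-Type: text/html; charset="utf-8"

<p>The Corona-virus fund is offering GRANT MONEY. Apply now, apply today!</p>
<a href="http://survey-form.example/apply">Apply Now</a>
'''

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self.hosts.append(urlparse(dict(attrs)["href"]).hostname)

def slam_check(raw):
    msg = message_from_string(raw)
    out = {"sender": [], "links": [], "attachments": [], "message": []}
    dom = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    sender, reply = dom("From"), dom("Reply-To")
    if reply and reply != sender:  # S: replies routed to another domain (assumed heuristic)
        out["sender"].append(f"Reply-To {reply} differs from From {sender}")
    body = ""
    for part in msg.walk():
        if part.get_filename():  # A: list every attachment for manual review
            out["attachments"].append(part.get_filename())
        elif part.get_content_type() in ("text/html", "text/plain"):
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    collector = HrefCollector()
    collector.feed(body)
    # L: keep link hosts that are neither the sender's domain nor a subdomain of it
    out["links"] = [h for h in collector.hosts
                    if h and h != sender and not h.endswith("." + sender)]
    text = re.sub(r"<[^>]+>", " ", body)  # M: wording cues the article lists
    if re.search(r"\b[A-Z]{4,}\s+[A-Z]{4,}\b", text):
        out["message"].append("all-caps phrase")
    if re.search(r"corona-virus", text, re.I):
        out["message"].append("'Corona-virus' spelling")
    if len(re.findall(r"\bapply\b", text, re.I)) >= 3:  # assumed threshold
        out["message"].append("repeated 'apply' urgency")
    return out
```

Each non-empty list in the result is a reason to take a closer look at the message; an empty result does not prove the email is legitimate.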