We are seeing a significant increase in the number of phishing and other fraudulent email scams being sent to BCGEU members, some trying to capitalize on people's fears related to COVID-19. Please review all incoming messages carefully, and if in any doubt about the authenticity of the message, do NOT click on any attachments or links contained within the message, delete the email.
The overwhelming amount of news coverage surrounding the novel coronavirus has created a new danger - phishing attacks looking to exploit public fears about the sometimes-deadly virus.
How does it work?
Like other types of phishing emails, the email messages claiming to be from legitimate organizations with information about the coronavirus usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft.
The email messages might ask you to open an attachment to see the latest statistics or provide personal information in order to download some important information. If you click on the attachment or embedded link, you're likely to download malicious software onto your device.
The malicious software - malware, for short - could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft.
Here are some tips to avoid getting tricked.
Be vigilant. Never send personal and/or financial information by e-mail.
Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Insurance number or login information is a phishing scam. Legitimate government agencies won't ask for that information. Never respond to the email with your personal data.
Check the "from" address. Hover your curser over the "from" name, you will see the actual electronic email address. Some phishing attempts use a sender email address that looks legitimate but isn't – in Microsoft Outlook a red flag is displayed when email domain doesn't match the organization that the sender says they are from. Be careful! Phishers can create links that closely resemble legitimate addresses. If you receive an email where the "from" name doesn't match the actual electronic email address delete the email.
Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it is likely a sign you've received a phishing email - delete it.
Never click on suspicious links. Phishing emails often include embedded links that look valid, but if you hover over them, you can usually see the real hyperlink. If the hyperlinked address isn't the same as what appears in the email, it's probably a phishing attempt - delete it.
Never click or open unexpected attachments. Does the email include an attachment that you weren't expecting? Never open suspicious attachments.
Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like "Dear sir or madam" signal an email is not legitimate.
Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information - right now. Instead - delete the email.
The Government of Canada's Canadian Anti-Fraud Centre has compiled a list of reported scams exploiting COVID-19 available at the following URL: https://www.antifraudcentre-centreantifraude.ca/features-vedette/2020/covid-19-eng.htm
As a reminder, the BCGEU will not ever request a member to send cash or gift cards to another member in an "emergency". All such requests should be immediately deleted.
An example of a COVID-19 scam request looks like this:
A recent example of a fraudulent email in which a claim that the recipient has been exposed to COVID-19 at a BCGEU event and is asked to open/print an attachment and proceed to an emergency clinic:
Another example of a SCAM email:
These messages are often sent to local or component executive members, and look like they have been sent by another local or component executive member. However, these are phishing emails and should be deleted.
If you receive any such emails, do NOT click on any attachments or links and delete it from your computer immediately (from both your Inbox and your Trash folder).
To the best of our knowledge, the BCGEU has not held any event where someone with a confirmed or presumption case of COVID-19 has attended. As you all know, the BCGEU started cancelling events involving more than 10 people as of March 12. We also closed all of our offices to the public as of March 18. These steps were taken to reduce the exposure of our members and our staff to this pandemic.
If you had been exposed to a confirmed or presumptive case of COVID, either at the BCGEU or at any other event, a health officer from the BC Centre for Disease Control (BC CDC) would be in touch with you, most likely by phone. Regardless of the form of contact, such contact would advise you of where and when you were exposed and would provide you with information about what steps you need to take.
IT Services Department
B.C. Government and Service Employees' Union