Get all the latest news on coronavirus and more delivered daily to your inbox. Sign up here.
Criminals are hard at work taking advantage of the population's mounting fears stemming from the coronavirus pandemic, warned computer security expert Alexander García-Tobar.
“Criminals are preying on our COVID-19 fear and are pretending to be the CDC or pretending to be officials that have important information about the virus,” said García-Tobar. “They’re also assuming that we will open up email attachments and click on links, which can get us into trouble. In fact, what we see is that over 80 percent of all phishing attacks is the sender not being who they claim to be.”
García-Tobar, CEO and co-founder of Valimail, has spent over two decades in the email and security business. He explained his company stops phishing attacks by validating an email sender’s identity to ensure only trusted senders get into your inbox.
Read on for some of his top advice on how to deflect online scams and hackers during the COVID-19 pandemic and beyond.
Multifactor authentication for business and personal email
García-Tobar noted that nearly all consumer email systems (Gmail, Yahoo) and almost all business email systems have the ability for users to input either a phone number or a different type of address that will confirm users’ identities.
“Most of us have seen this with various different social platforms,” said García-Tobar. “It really, really works.”
Ask your IT department whether their systems are checking senders' identities
The Valimail founder explained that users and IT departments should utilize an open standard known as DMARC (Domain-based Message Authentication Reporting and Conformance), which has started to prevent criminals from being able to send emails.
“DMARC is a global open standard that allows you to control the use of your own domain,” said García-Tobar. “It’s something that companies can put in place for themselves to make sure that only they can send emails as themselves, and criminals cannot.”
That means, for example, uber.com or whitehouse.gov make sure only they can send emails as that entity. He added DMARC not only protects companies on the inbound (people within a company) but that it also protects consumers from getting emails that may be fake.
DMARC is open to anyone who wants to deploy it, and García-Tobar said users can check on his company’s website to see whether or not their company’s domain has it in place.
Stay alert and speak up
García-Tobar explained to Fox News that alerting IT departments about suspicious behavior goes a long way in helping track scams and phishing attacks.
He suggested confirming unusual requests or ones involving sensitive information by using an alternative channel (other than email) to confirm that the request is real.
“In times of crisis, phishers and hackers know that people are going to be somewhat distracted. In fact, when I talk to my colleagues within the email security space, we’re hearing this is the highest level of phishing we've ever seen, period,” said García-Tobar. “You need to be extra cautious and alert about the emails that you're getting, make sure that you understand who's really sending them, and that's probably your best bet to protect yourself.”
For more from the CEO and co-founder of Valimail, watch Alexander García-Tobar’s full interview above.
Emily DeCiccio is a reporter and video producer for Fox News Digital Originals. Tweet her @EmilyDeCiccio.