The COVID-19 pandemic has brought out the best in many people. Around the world, communities have come together. They have practiced social distancing, showed solidarity with the victims of the virus, and publicly displayed their gratitude to front-line workers. Inevitably, however, there are a few unfortunate exceptions. As some selflessly risk their lives for the greater good, cybercriminals appear to continue their phishing attempts.

Phishing is a fraudulent attempt by cybercriminals to try to obtain sensitive information from victims by impersonating a legitimate business, organization, or person. These phishing emails usually contain malicious attachments or links that can download malware or redirect victims to malicious sites where the cybercriminals are seeking to steal users’ data, such as account credentials, financial information or social security numbers.

In many ways, this should come as no surprise. The COVID-19 pandemic creates new themes and opportunities for cybercriminals. Importantly, the subject of COVID-19 itself may provide a good hook in fraudulent communications. After all, we may be more likely to open emails that seemingly contain information, advice or appeals in relation to the pandemic.

Perhaps the best overall guidance is to check electronic communications even more rigorously than usual. Among the specific red flags we recommend to Citi Private Bank clients to be aware of include:

• Sense of urgency: Emails marked with the threat of compromise, urgency, or potential loss or gain within a short time period should be examined closely. Malicious actors use intimidation as a tactic to solicit a response out of fear or panic.

• Account information validation: Links are often included in a phishing email that leads to a legitimate-looking website that prompt victims for usernames, passwords, account numbers, and security questions. There may be a stated password change or verification required.

• Misleading domain names: By adjusting a web address, bad actors try to make a website seem legitimate. Users are likely to click on a link containing the name of the company in question, as they aren’t familiar with how a web address is constructed.

• Poor spelling and grammar: Organizations want continued business, knowing a great deal depends on the way they present themselves to others. Bad spelling or improper grammar suggest the writer does not speak the language fluently and is not representing a legitimate company.

• Only logging in to accounts via the official website or app.

• Always contact your Private Banker immediately to verify any Citi Private Bank email or other message you find suspicious.

Amid the worst global pandemic for over a century, it is only natural that our first thoughts are with the health of our loved ones and helping others. Nonetheless, it is also important to protect our data and finances from those who are cruelly trying to exploit the situation. Stay safe and stay vigilant.