With the world grappling with a health pandemic, scams might seem shocking. Regrettably, bad actors are everywhere, always looking for opportunities, and the outbreak of COVID-19, aka coronavirus, has given them a big one. The last thing you probably want to read right now is that there’s another threat out there but unfortunately it’s true. Cybercriminals take advantage of the fear and anxiety around coronavirus to extort money from victims via scareware and ransomware attacks. Fortunately, there is hope and today we outline what you need to watch out for and how to stay cyber safe during this pandemic.
So far, several coronavirus-related attempts to cyberscam people have been reported. Some examples are:
- Emails that appear to come from government health departments
- Fake offers of tax refunds to get people to click on malicious links
- Memos to staff that appear to come from large employers
- Fake companies offering COVID-19 testing kits
- Fake websites promising to sell face masks and/or hand sanitizer
- Fake solicitations for donations to help fund a vaccine
What to Watch Out For
The first thing to watch for is a number of bogus websites registered with names relating to COVID-19. The site can look legit but is set up to steal information or infect the victim’s computer with malware.
You may get an email promising the attached information offers coronavirus safety measures, or information shared by the World Health Organization (WHO) if you click on the link, or a similar email pretending to be from a reputable news source, such as the Wall Street Journal (WSJ).
Another set of examples feature an email impersonating a healthcare company asking people to register for a fake webinar "about this deadly virus.” By clicking to register and filling out the form, the victim's information was then transmitted to an unknown group of bad actors.
What to Do
In general: be cautious. It’s understandable to be anxious, everybody is, but don’t let that stop you from taking cyber precautions. You should still:
- Be wary of anything that tries to play on your emotions and/or urges immediate action
- Question where emails are coming from – remain vigilant even if the communication appears to come from a reliable source
- Hover your mouse curosr over links before clicking them to see where they will take you – in the WSJ example, the Web address was for the “worldstreetjournal.com”
- Avoid downloading anything you didn’t explicitly ask for
- Disregard "too good to be true" deals. (“a mask that stops the virus 99.9% of the time!”)
- Ignore any communications requesting your personal information unless you contacted the sender first (to schedule an appointment or similar)
- Don’t get suckered in by fraudulent pleas for charity
Global health organizations generally do not send out emails with advice unless you explicitly ask them to. Instead, they require you to navigate directly to them for news. So unless you knowingly went and registered for a newsletter or emailing, you should heavily scrutinize any email that portends to be from places like WHO, the CDC, and similar.
If you’re still not sure about the validity of the communication, check it out. Do so by calling or using another medium to get in touch with the “source” of the received message. If you cannot find a way to do so, or if those communication methods fail, it is likely a scam.
Finally, make sure your system's anti-virus software as well as operating system are up to date and working. With many people taking a "work from home" approach, end-point security and protection becomes paramount. This way, even if you do fall for a scam, the likely damage to your computer systems will be heavily reduced.