Rapidly changing information about the coronavirus is making all of us anxious to consume as much news as possible. Things can be a bit scary, and it’s worse when you feel like you don’t know what’s going on. However, we must stay vigilant – there are criminals out there who want to capitalize on this fear.
Criminals know that people will be quick to click on that link with information about testing for the virus, or news about local infections. Many are now working from home and IT infrastructures are taxed, thereby increasing risk. It’s a perfect opportunity for phishing scams and other kinds of fraud. Sites are promising information and then pushing malware or ransomware. False information is being propagated. And dangerous apps are trying to trick us. It’s important to be cautious about our cybersecurity in this time when we are also being cautious about our health.
We’ve provided few examples of scams relating to the coronavirus below. Stay vigilant and don’t fall prey to these criminals.
Scams to Watch Out For
Suspicious Sites and Apps
In an article from VOX, Check Point, a Cybersecurity firm, reported “that over 4,000 coronavirus-related domains — that is, they contain words like ‘corona’ or ‘covid’ — have been registered since the beginning of 2020. Of those, 3 percent were considered malicious and another 5 percent were suspicious.”
Sites and emails may impersonate government organizations using spoofing and typosquatting. If an email is spoofed, it is coming from a forged sender. That means it looks like it is coming from a different sender than it actually is. Fraudsters may also typosquat or use URLs that are similar to a legitimate site in order to trick you into thinking that the malicious site is the valid one. For example, instead of cdc.gov they could have cdc-corona.com or cdcc.gov. Make sure you are accessing valid sites. The link may say it’s taking you to the CDC site, but then take you to a completely different URL.
There have been reports of emails claiming to come from the WHO and the CDC that are actually phishing or contain malware. IBM X-Force researchers have found a phishing scheme that claims to be from the WHO chief. Instead, it installs the keylogger HawkEye. This keylogger malware can log keystrokes, capture screenshots, and send stolen data to back to the operator through encrypted email.
Phishers have also pretended to be school administrators to collect information from students. The emails purported to come from college administrators with links to updated information from a university “health team.” The link took users to an O365 phishing page to steal login information.
Phishing emails may claim to be from businesses about their new work from home policy. They could link to a site that offers real-time infection rate updates or information on where to get out-of-stock goods. There are many, many variations. It’s vitally important that you check the sender, watch out for misspellings, and hover over links.
Sales Scams and Counterfeits
When purchasing online, be on the lookout for scams. You may make a purchase and never receive your order, especially when dealing with sellers directly and using payment apps. Be on the lookout for price gouging or the sale of low-quality goods (expired, tainted, unsafe, or damaged). Watch out for refund policies and fake rebates. These scams can happen on any marketplace with third party sellers.
Another issue to be wary of is any item claiming to be a cure. The FTC and the Food and Drug Administration (FDA) sent warning letters to several sellers of items claiming they can treat or prevent the coronavirus. Currently there are no products that can cure or prevent COVID-19.
Whenever there is mass demand for a product, counterfeiters will use it for their benefit. Right now, we are currently having to worry about counterfeit masks and coronavirus testing kits. We’ll have more information on counterfeits in the time of COVID-19 in an upcoming blog.
Many social media platforms, like Facebook and TikTok, are working to combat fake information, but they cannot stop everything. It’s important to be aware of where your information is coming from.
Many of these campaigns are focused on conspiracy theories or reports of an unreleased cure. These claims can link to malicious or phishing sites. They may also play on fears to draw page views or sell a “cure.”
You should also watch for fake charities or fundraising in bad faith. It could be a person claiming to be in distress to collect funds who isn’t really in need. There will be fake investment scams that prey upon those worried about the economy. Don’t believe everything you hear or read.
Look for reliable sources. A good place to find news is the US Centers for Disease Control and Prevention. In case you don’t want to click on any links after reading this blog, go ahead and do a web search for the sites instead.
How to Protect Your Information
How to Keep Yourself Safe
Here’s a quick reminder of the basics:
- Be careful clicking on links in emails or texts and don’t open attachments. Hover over links to view the URL. If you think the information may be legitimate, go directly to the site and login instead of clicking the link. Look out for typosquatting. People register domains that may look like the valid one but are a little off, so look carefully.
- Confirm sources.
- Use reliable news sources and don’t trust everything you read.
- Use reliable online stores and beware of buying through third party sellers. Counterfeit goods and price gouging are inevitable. Other scams such as taking payment and never sending the goods may be common as well.
- Verify the validity of a charity before donating.
- Never email/IM/text your personal information, especially to unknown contacts.
There is a lot of information and anxiety in the world at this time. Remember to be careful with your personal information just as you are being careful with personal distancing. Stay safe!
Stay informed with industry-relevant emails curated by our team of experts.
We send out emails once or twice a month relating to IP Services, industry news, and events we'll be attending so you can meet our experts in person.