Coronavirus Cybercrime Alert: COVID-19 – related Scams and Cyberattacks on the Rise

With a lot of people self-isolating and practicing social distancing, we’re spending more time online, and becoming super dependent on news and our digital tools. This new reality has given rise to many ugly side effects of the pandemic, including increased digital threats like spam, fake news, scams and the like. 

OneRep cybersecurity team reminds you about the importance of staying vigilant. Here’s a list of coronavirus-related online threats and our recommendations on how to avoid them. Use these simple rules and don’t let scammers and cyber attackers fool you.

Coronavirus scams

Coronavirus phishing scams

Do not click on suspicious links in dingy emails that promise insider information, new vaccines or miraculous recovery to you and your loved ones. Watch out for emails from seemingly familiar sources like the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO).

Why: Scammers often use familiar company names or pretend to be someone you know. These emails they send are most likely part of coronavirus-themed phishing campaigns. Their goal is to trick you into clicking on an emailed link which downloads malicious malware to your device that can later be used to steal your personal info or lock you out of your data. 

Malicious apps

Be very careful about the apps and software you download and install on your computer or other devices.  Make sure they are the original versions from a trusted source. Do not give your personal information or satisfy suspicious requests if you’re not sure they are legit. 

Why: The apps and software you install may be used to compromise your computer and your mobile phone in order to demand ransom from you or steal your sensitive data like passwords, etc. In this way, a recent global cyberattack affected people who downloaded visuals of the coronavirus spread over the world. The malware was hidden in a map with COVID-19 stats loaded from an online source. Viewers were requested to download and run a malicious application that allowed hackers to access stored passwords. A very similar version of this scam provided non-malicious COVID-19 information but offered to download an Android app that would turn on the “accurate reporting”. This ransomware app then requested extended permissions asking to be able to change the user’s password and lock their phone so that it could send lock screen alerts if a confirmed coronavirus case was detected in the vicinity. The sad outcome of the scam was that the malicious app locked phones and displayed a message about the phone data encryption and a ransom of $100 to get everything back. 

Be aware: A significant rise in malware-spreading apps has made both Google and Apple take a hard line and start banning any COVID-19 themed apps that haven’t been approved by a national government or a medical institution.

Fake URL/Passwords scams

Verify the URL of all sites that ask you to enter a password or give out any other sensitive information.

Why: Same reason as above – bad guys often create URLs similar to real websites to harvest passwords.

Government check scams

Why: In turbulent times like now people are worried about their financial security. Businesses are closing, some of us are losing jobs and the government is thinking how to lift the economic burden caused by the pandemic. Sending coronavirus stimulus checks to American tax-payers is one of the measures discussed. On the flip side, experts warn everyone that scammers will want to take advantage and exploit the situation. These checks are not yet a reality but it is important for everyone to understand that the government will not want anything from us in return for the checks. You won’t be asked to make any upfront payments, nor will you need to give away your Social Security number, bank account, credit card number or any other sensitive details to get your money. Anyone who will try to elicit your private information or lure you into paying to get the money is a scammer.

To avoid the above, make sure you follow these. 

Get the updates you trust and do some fact checking to avoid fake news

Why: Just like you need to get your news updates from reliable sources (the World Health Organization and the Centers for Disease Control and Prevention), make sure you install official updates of your system software and applications regularly to close any loopholes. Likewise, if you feel that the news or advice you’re given sounds weird – whether the virus threat is digital or offline – do some fact-checking and search the web to see if others have had the same concerns. Visit  well-known sites like What the U.S. Government is Doing to verify the legitimacy of the info you get. 

Use up-to-date antivirus software, VPN, Wi-Fi protected access and a password manager

Why: These are the general precautions that we generally advise to take at all times to increase your cyber security level. 

Do not panic

Most importantly, do not panic and keep both your mood and critical thinking up. 

Why: Good mood makes you healthier and sets an example to those around you, whereas your high level of critical thinking helps you tell fake from real. 

Let’s wrap it up 

Most scams appeal to fear and instigate urgency. The current situation is no exception.  The sensitivity and urgency around addressing the Coronavirus creates a perfect message to get potential victims to act. Scammers impose the feeling that if you don’t click on this link, confirm your credit card number or change your password now, something bad will happen. Remember this: if you’re being forced to act, ask yourself why, and try to re-evaluate if what you’re being asked to do is legitimate. 

Pause and think a bit  – it will help you avoid becoming a victim of a scam or identity fraud.  

  

Mary Shishkova

OneRep privacy specialist