As is the case with many disastrous situations, the cybercriminals and scammers have crawled out from under their rocks in droves to take advantage of the fears and concerns created by the rapidly spreading coronavirus.
Beware Coronavirus Websites
Many reputable sources are reporting that, within a very short space of time, literally thousands of new domains have been registered with either Coronavirus or COVID-19 included in the domain name. While some of these might be legitimate sites, the sheer volume alone suggests that the vast majority have been set up for nefarious purposes– from extracting personal data to eliciting financial details, and even to potentially deliver malware.
Be very wary of any site with Coronavirus or COVID-19 in the name. If you want to check on the virus’s status, stick solely to known reputable online resources, for example:
- World Health Organization (International)
- Department of Health (Australia)
- Center for Disease Control and Prevention (U.S.A.)
- National Health Service (U.K.)
Beware Online Shopping
With shortages of essential items, many people will be tempted to shop at online stores that have no established reputation or history, just because they are advertising these scarce items for sale. DON’T, just DON’T. Other sites might be advertising cures, face masks, and other coronavirus related items. However, these products for sale are more than likely bogus and typically don’t work or won’t even be delivered. In the meantime, some scammer has probably got your credit card details.
Stick to known reputable resources for purchasing anything online. As you might expect, Google Trends shows that search volumes for terms such as ”hand sanitizer” and ”face masks” are at unprecedented levels. With demand for these products outstripping supply, scammers are increasingly targeting people who are looking to take protective measures. These items are in very limited supply, so be extremely wary about any claims of stocks on hand and only purchase from a reputable vendor who you would normally trust with your order (and credit card details!).
Beware Fake Email Scams
One of the most prevalent email scams doing the rounds is purportedly emanating from the World Health Organization (WHO) which is among the most-impersonated authorities in the ongoing scam campaigns. Typically, these email scams include malicious links which, if clicked on, can install malware, steal personal information, or attempt to capture login and password credentials.
The WHO is aware that its brand is being exploited by scammers and provides advice on its website on how it communicates, plus details of what it will or will not do in official emails. Most importantly, the WHO has not randomly started to email people who are not subscribed to a service.
As you might expect, another prevalent form of email scam at the moment comes in the form of ”work-from-home” guides. The attachment included with these emails is malware that’s going to capture your information and send it to the scammers. Emails may also include video attachments and tell users they need to update their video players in order to watch, thereby tricking them into installing malware. That malware can then be used to take over your bank account, take out a loan in your name, or use your identity for other malicious purposes.
We at DCT have covered dealing with email scams on numerous occasions. That said, this is a time when this advice definitely bears repeating:
- The scammers are getting better and better at impersonating legitimate organizations. However, almost without exception, reputable organizations WILL NOT randomly send unsolicited emails
- If the email includes a generic form of address –such as Dear Customer, for example — it is almost certainly fake. Genuine email will always address you in person, using your actual name
- DO NOT click on any links embedded within these types of emails and DO NOT click (open) any attachments. Ever
- It’s a fact that in almost all cases, malware cannot be delivered without some form of interaction from the user– e.g., clicking on a link or opening an attachment. Don’t, just don’t
Beware Fake Charities
During a disease outbreak or natural disaster, scammers will take advantage of the inherent good side of human nature to compel us to open our wallets for the less fortunate through charitable donations. Before you follow that impulse, you need to take steps to make sure the charity isn’t a funnel into the bank account of a predatory impersonator. Here is a good guide from the FTC (Federal Trade Commission) for checking out a charity before donating: Before Giving to a Charity. The FTC is a U.S. organization but the advice relates universally.
Personally, I refuse to donate directly to any charity that contacts me over the phone. I have no way of knowing if that caller is legitimate, just because they say they are representing a legitimate charity does not make it so. I know it’s a harsh measure but, at this particular point in time, I would be refusing any and all requests for charitable donations, regardless of how they are delivered– phone, email, or otherwise.
- Coronavirus scams, found and explained – Malwarebytes Labs
- COVID-19 (coronavirus) Scams – ACCC Scamwatch (Australia)
- Avoid Coronavirus Scams – FTC Consumer Information
- 10 Golden Rules to Defeat Scammers – DCT Article
Stay safe at home and stay well. Cheers… Jim