The novel coronavirus pandemic is significantly altering our daily lives. Public events are being canceled, sports teams are suspending seasons, and organizations are handing down work-from-home orders en masse, but cybercrime is continuing unabated. Healthcare facilities remain under siege from cyberattacks even as they grapple with critically ill patients.
Cybercriminals frequently use natural disasters, such as hurricanes, as a backdrop for attacks, preying on public confusion and fear. Not surprisingly, cyber scams that take advantage of the COVID-19 pandemic are propagating as rapidly as the disease itself. Here are five to watch out for.
1. Phishing emails
People all over the world are being bombarded with novel coronavirus-related “phishing” (email), “smishing” (text messages), and “vishing” (phone) scams. Some impersonate legitimate public health authorities, such as the World Health Organization (WHO) or the U.S. Centers for Disease Control (CDC). Others contain phony vaccine and treatment offers, medical test results, health insurance cancellation notices, or urgent news alerts. For example, SC Magazine reports on a scam sent to Italian recipients that contains an attachment claiming to be a list of precautions to prevent infection; it’s actually a weaponized MS Word document that will infect your device with malware.
2. Malicious websites
Cybercriminals are snapping up domain names containing the phrases “coronavirus” and “COVID-19.” Some of these sites are hawking phony miracle cures or other scams that seek to get visitors to part with their cash, while others contain drive-by malware. One of the most insidious examples, as reported by SC Magazine, is a site hosting a highly sophisticated, legitimate-appearing novel coronavirus map that contains malware.
3. Misinformation campaigns
Malicious actors, including nation-state cybercriminals, use social media to spread misinformation and conspiracy theories about coronavirus to trigger public panic and prompt Americans to distrust each other, U.S. government agencies, and public health authorities. Misinformation campaigns may also be used to drive traffic to malicious websites.
4. Phony fundraisers
In addition to misinformation campaigns, cybercriminals are using social media to promote phony fundraisers. Fake fundraisers use one of two tactics: a crowdfunding link for an alleged charity or coronavirus victim, or the sale of a product purporting to benefit a charity.
5. Investment scams
The U.S. Securities & Exchange Commission (SEC) recently issued an alert about novel coronavirus-related investment scams circulating on social media. These scams advertise “can’t lose” investments in companies whose products or services can allegedly detect, prevent, or cure coronavirus; the promise is that the company’s stock will rise dramatically as a result. Often, the SEC warns, advertisements will include “research reports” and predictions of a specific “target price.”
Avoiding novel coronavirus cyber scams
Avoiding COVID-19 cyber scams means taking the same precautions you would to avoid any type of cyber scam.
- Don’t click on unverified links or attachments sent through email or text.
- Don’t trust unverified social media posts or videos, and don’t contribute to misinformation by sharing questionable posts. Stay informed through reputable sources such as the World Health Organization (WHO) and local public health authorities.
- Thoroughly research any investment you are considering, and steer clear of those that promise guaranteed returns or medical miracles.
- Think twice before donating cash or buying a product that supposedly benefits a charity. If you want to give money to a specific charity, the safest route is to donate directly through the charity’s website.
- Be extremely wary of donating to a crowdfunding campaign for an individual; if you’re not able to verify beyond doubt that the story is legitimate, don’t do it.
- Secure your passwords with Keeper. Keeper generates high-strength random passwords for all your sites and apps and stores them for you in a personal, encrypted digital vault.