With the outbreak of the coronavirus pandemic, we’re increasingly reliant on digital communications to keep in touch with friends and family, work from home, and help us make the best of our leisure time in self-isolation.
However, the crisis has also become an opportunity for ruthless scammers, hackers, and other cybercrooks.
Let’s have a look at the recent digital threats exploiting our anxieties and thirst for knowledge about the COVID-19 disease. During this time, we obviously need to prioritise our health and well-being. But we also need to remember to stay vigilant to ensure our digital lives are protected from infection by coronavirus-themed communications.
7 widespread coronavirus scams
1. Fake “safety measures” emails
One of the most widespread types of fraudulent “phishing” emails are messages from impostors posing as authoritative organizations such as the World Health Organization (WHO) or the US Centers for Disease Control and Prevention (CDC).
These fake emails contain attachments or links to what seem to be details about the disease or safety tips. This is an example.
Rather than taking you to important information scammers want to lead you to a page where you provide sensitive information, such as your email or password. Alternatively, a malicious email link or attachment may be a source of a virus harmful to your computer.
The scam is so widespread that WHO itself issued a warning. In this message, WHO explains it only uses email addresses ending in @who.int, always publishes information on its official website, never asks you to log in to view safety information or sends unrequested email attachments.
2. Malicious coronavirus maps
Another mean way to exploit the current fascination with the disease is the promotion of fake websites containing dashboards featuring what seem to be statistics on the spread of the coronavirus.
Too bad, this is just bait. Attackers use it to install malware called AZORult on your computer. AZORult can steal personal information such as usernames, passwords, credit card numbers, browsing history, cryptocurrencies, and more. It can also infect your device with other malicious programs.
The solution is to look for any pandemic-related information on reliable websites only, including the dashboard on the official Johns Hopkins Coronavirus Resource Center page.
3. Misleading cure and hygiene products offerings
As people around the world hope for a vaccine and treatment for COVID-19, fraudsters cash in on this agitation. Previously popular “email alerts” about $10,000,000 lottery prizes have been replaced by fraudulent promotion of a coronavirus cure.
WHO firmly states, “To date, there is no specific medicine recommended to prevent or treat the new coronavirus (2019-nCoV).” So, the miraculous drugs are just lies peddled by greedy fraudsters.
Another way the bad guys cheat consumers is by offering highly demanded goods, such as face masks and hand sanitizers, then never delivering them. In the UK alone, victims have already lost over £800,000 ($1 million) to such scams.
Apart from scams, there are other online threats that intensified during the coronavirus outbreak. Make sure you have a reliable protection tool such as MacKeeper.
4. Fake employer notifications
Who else can the scammers impersonate? They are likely to pose as a company’s IT or HR department.
Through such emails, attackers lure employees into giving up corporate credentials, which helps them attack the company itself. Senders threaten to punish staff who don’t follow the instructions to make the message more forceful.
5. Scammy tax refund communications
Another message many would like to be true is a tax refund notification. But no - this is just another hoax.
Scammers pose as officials offering financial support to UK citizens. Those who click “Access your funds now” will be taken to a fake government webpage. There, they’ll be asked to provide all their financial and tax information - and share precious personal data with the bad guys.
6. Deceitful charity requests
Worldwide pandemics motivate lots of people to help those in need. However, many fraudsters play upon these generous impulses. These days, “charitable organizations” calling for “coronavirus relief donations” are likely to pop up in inboxes all around the world.
Just as with other scams, senders urge their victims to act quickly while poorly explaining the charity’s goals. One of the definite signs of a fake charity is that they request donations in cash, by gift card, or wiring money. This is a sure way to get some to part with their bucks without helping the cause.
7. Fraudulent investment deals
By contrast, some swindlers tend to capitalize on human greed. The US Securities and Exchange Commission (SEC) reported multiple investment frauds dealing with COVID-19. SEC studied internet promotions claiming there will be a value increase of certain companies’ stock. These companies, unsurprisingly, are those making products to prevent, detect, or cure coronavirus.
As SEC further explains, this may be a so-called “pump-and-dump” scheme. Fraudsters increase (“pump”) the stock price of a company by spreading rumors about its coronavirus-fighting product. Next, many investors purchase the stock. Then, fraudsters “dump” their shares and the hype soon ends. As a result, the stock price drops and investors lose their money. To sum it up, there’s a big risk of getting ripped off through investing in shady coronavirus-related products.
How to avoid being a victim of coronavirus scams
It’s not that hard! Just as you do with the infection in the real world, stick to the simple online rules: don’t panic, be discreet, and protect yourself.
1. Critically assess all coronavirus-related emails, messages, and ads
Fake emails can be spotted by an irrelevant sender address, links leading to unofficial websites, poor spelling and formatting, as well as demands to act quickly. All offers sounding too good to be true and can’t be confirmed by public sources are probably fraudulent.
2. Do not interact with suspicious links and attachments
Avoid clicking on email links or download any attachments if you have doubts a sender is legit. If you’ve already downloaded a file, run an antivirus on your device (remember, even Macs can get viruses!)
3. Think twice before providing personal information
Find a way to re-check whether a supposed sender really needs your personal data (contact your employer, a government office, and so on). If you unknowingly shared your email and password to scammers, change them in the email service and all the accounts where you used the same combination. If you shared other personal information such as your ID details, Social Security number, bank account or credit card details, contact the FTC (in the US) or Cifas (in the UK).
4. Research before giving away your money
If you consider buying goods, donating, or investing, search for the organization’s name first. Add “scam”, “complaints”, or “reviews” to find out if others have already had a bad experience with the company. If you’re still in doubt, try finding a reputable alternative among suppliers, charities, or businesses.
5. Keep security software on at all times
Install a reliable security program, then keep it active and updated at all times. While an antivirus check is crucial after you download something suspicious, it’s way better to have security that won’t even let you do so.