As the global crisis continues, the bad guys are jumping on the opportunity to take advantage of fear, distraction, and interest in COVID-19 to craft particularly compelling scams. They’ve tailored their phishing lures to prey upon the pandemic panic. COVID-19 scams have cost individual people and companies over GBP 10 Million!
A few topics that attackers are using for you to watch out for in your work and home life:
Government Relief Fund Scams
As government representatives have started to enact legislation to provide relief funds for those left unemployed or otherwise financially impacted by COVID-19, criminals have ramped up phishing ploys that look like government correspondence about those funds to trick people into giving up their credentials.
Malicious Infection Maps
Attackers are taking advantage of public interest in “to-the-minute” infection maps from the likes of Johns Hopkins to create compelling lures for malicious campaigns. The bad guys are using malicious websites to install malware or steal your credentials.
Impersonation of Official Health Organisations
Savvy criminals have been particularly focusing on piggybacking off the legitimacy of official organisations, such as the Centres for Disease Control (CDC) and the World Health Organisation (WHO), to design a range of different phishing lures.
COVID-19 Testing Kit Scams
Scammers are taking advantage of keen interest in COVID-19 testing to run a variety of scams around the availability of testing kits. Other robocall scam lures tied to coronavirus include work-from-home opportunities, student repayment plans and debt consolidation — some of which aren’t just targeted toward consumers but also small businesses. Robocalls are phone calls that use a computerised autodialer to deliver a pre-recorded message.
Face Masks and Medical Supplies
Similar to testing kits, face masks and other hard-to-find medical supplies are being used as a favourite carrot for phishing attempts and good-old-fashioned fraud. Many of them also promise limited time offers and ask for Bitcoin payment to set the hook nice and firmly with desperate victims.
Cyber security experts warn that internet, email and phone scams that are linked to Coronavirus are the worst they’ve seen in years.
Criminals are using multiple methods to exploit people’s fear and interest to deliver malicious attachments or links to fraudulent websites and to trick victims into revealing sensitive information or donating to fraudulent charities or causes.
We must all exercise caution in handling any email with a COVID-19 (corona)-related subject line, attachment, or hyperlink, and be wary of any social media posts, text messages or phone calls related to COVID-19.
Social media use is skyrocketing as people in quarantine are spending more time online.
People love to share their information to connect with others, especially in lockdown.
There has been a spike of surveys and question/answer posts all over social media lately. Please do not share your personal information.
Specifically:
•Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
•Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.
•Be wary of email attachments, even from people you know and especially if forwarded. “When in doubt, sit it out” and do not touch it!
•Do not reveal personal or financial information in email, text or on the phone, and do not respond to solicitations for this information.
•Verify a charity’s authenticity before making donations. Review The Charity Commission’s page on Charity Scams for more information.
•Ignore online offers for vaccinations. There are currently no vaccines, pills, potions, lotions, lozenges or other products available to treat or cure COVID-19 – online or in stores.
Additional Steps:
•Keep your operating systems and antivirus software up to date with patches. If asked to reboot, don’t delay.
•Choose strong passwords.
•Stay informed!
