As with any other wide-scale event, scammers are taking advantage of the feeling of urgency and demand for information around the COVID-19 Pandemic. Luckily, the tactics scammers are using are mostly ploys we have seen and heard before. The best defense against scammers is to keep a healthy skepticism about the emails, phone calls, social media links and text messages you receive.
The following are some emerging COVID-19-related phishing scams and technology threats reported by the Federal Trade Commission, as well as some examples of spam emails to help you recognize and avoid them...
One way scammers try to lure you in is by offering limited supply items, such as toilet paper, hand sanitizer and cold medicine. If you click links or open attachments in these email messages, not only do you open yourself up to the possibility of having malicious software installed on your computer, get hit and held hostage with ransomware, or simply you end up paying for items you’ll never receive only to find additional unwanted charges on your credit card.
One of the tactics scammers use is to send phishing email messages and text messages using familiar company or government agency names to lure you into clicking links or opening attachments. Once the link is clicked or the attachment is opened, you may be asked to disclose sensitive information, such as your social security number, account numbers, or usernames and passwords.
Clicking on links and attachments can also result in the installation of malware on your computer or other device, including ransomware or other malicious code to gain remote control of your computer and/or webcam; or steal keystrokes or files. One common form of malware is Emotet. Emotet not only impacts your device, it propagates to other devices. Emotet can deploy ransomware or install other types of malware that steals user credentials, browser history and sensitive documents. The harvested data is then used to send spam and malware to other email accounts, continuing a growing cycle of cyber-attacks.
A current phone scam targeting individuals working from home is a purported call from your IT department asking for credentials. Some variations of this call may attempt to coax you into granting remote access to your machine.
In general, watching for tell-tale cues and following these guidelines for recognizing phishing are a good foundation for protecting yourself from COVID-19 scams. Some of these include:
Centers for Disease Control (CDC) Alerts
One of the tactics scammers are using is to send phishing email messages that appear to be from the Centers for Disease Control and include a link which appears to direct you to a list of new cases in your city. These messages create a sense of urgency by stating: “You are immediately advised to go through the cases above to avoid potential hazards.” But notice the red boxes in the image below. The domain in the email address is incorrect and, while the link in the message appears to direct you to the CDC’s website, hovering over the link reveals the true destination.
Health-Related Messages
Another scam approach is to offer advice for avoiding infection, or to provide guidance for surviving an infection. These messages might claim to be from health officials, or even from China or Italy where the virus had a significant impact.
Requests for Financial Assistance
There are scams related to charitable giving. While some are in the name of specific charities, some are asking for bitcoin or donations to a GoFundMe account, and some are implementing the tried and true money mule scheme. Do your research, only give to reputable and trusted charities, and remember, if it appears too good to be true, it probably is.
In the end, protecting yourself and your staff from coronavirus-themed scams is the same as protecting yourself from any other scam. Slow down, look carefully, do some research and employ a generous use of the <Delete> button.
Have you or your staff seen an increase in the amount of online scams? Have you seen an uptick in phishing emails? How are you working with your staff to avoid them? Please share your thoughts in the Comment box below or shoot me an email if you'd like to chat about this in more detail.