The FBI urges everyone to be extra vigilant for cyber scams during the COVID-19 Pandemic.
Cybercriminals are using the pandemic fears for their profit, using a fresh set of malicious software and cyber scams. There are thousands of cybercriminals. These range from individuals to organized criminal organizations. The vast majority continues to do what cybercriminals do: exploit the situation to maximize their gain. Therefore, it should come as no surprise that cybercriminals are using the current COVID-19 Pandemic to their advantage.
One of the first cyber scams arrived in mid-March through an email that appeared to be from the World Health Organization. The email pushed a fake e-book with official information on advice to protect yourself from the virus. This attachment delivered a malicious code for a downloader that gives cybercriminals access to your data lifted from your keystrokes. MalwareBytes explained this scam in more depth.
Subsequently, the proverbial floodgates opened, with several fresh attempts launched at defrauding Americans and people all over the world. This includes phishing scams, where an email tries to lure you to a legitimate-looking site that asks you to log in to view safety information provided by a legitimate organization. Except, the email is not coming from those organizations. It’s phony, of course, and could lead to identity theft if you input the information requested.
The Justice Department recently filed a complaint against a website claiming to supply WHO vaccine kits for $4.95, charged to their credit card. As of now, there are no legitimate COVID-19 vaccines, the DOJ noted.
Examples of COVID-19 Cyber Scams
COVID-19 Cure Cyber Scam
In February, people started receiving a weird email. The message appeared to be from a mysterious doctor who claimed he had information about the cover-up of a vaccine by the Chinese and U.K. governments.
People who click on the attached document are taken to a spoof webpage that is created to collect login details.
“We have seen 35-plus consecutive days of malicious coronavirus email campaigns, with many using fear to convince victims to click,” says Sherrod DeGrippo from the cyber-security firm Proofpoint.
If you find an email suspicious, hover your mouse cursor over the attachment or link to see reveal the true web address. This web address usually appears on the bottom left of your screen. If it looks dodgy, don’t click.
COVID-19 Tax Refund Scam
Another scam was an email appearing to be from the government, offering a COVID-19 tax refund.
When clicking on “access your funds now”, it would take them to a fake government webpage, encouraging them to input all their financial and tax information.
Governments are often impersonated in cyber scams. Just remember that generally, governments won’t ask you to click any link in an email or submit any information by email.
COVID-19 scams target smartphones
Some COVID-19 related threats specifically target your mobile phone, too.
A common smartphone scam is associated with the current discussion of apps tracking your movement and health. Many text messages are circulating that promise to track the spread of the COVID-19 virus in real-time to alert you when it’s been detected near you. However, when downloading the suggested app, the cybercriminal will be able to listen through your microphone, watch you through your camera and access your messages.
Other common scams by text messages are offers to claim free masks from the Red Cross or a $1,000 bank deposit from the federal government to support you during this crisis.
FBI warns three states to be most at risk from the Coronavirus scammers
The FBI has warned of a notable increase in coronavirus scams, adding to concerns about an “unprecedented wave” of cyber-attacks voiced by United States Attorney Scott Brady. The FBI Cyber Division warned that three U.S. states need to be particularly alert to the increase in cyber-attack threats. The spike in cyber scams seems to target the states with the highest COVID-19 infection rates. Therefore the FBI warns California, New York, and Washington states to be hit the hardest by cybercriminals.
The attacks appear to target those who work from home explicitly. Those people, Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, advised to “double-check the authenticity of any incoming messages, emails or phone calls. And to be particularly prudent, “when someone is trying to extract any data from you in an emergency while acting like there is no time to explain the context convincingly.”
How to protect yourself
Start by using these guidelines to learn to recognize and protect yourself against cyber scams.
Next, stay on top of the COVID-19 cyber scams through this list of coronavirus-themed online threats created by Forbes. We recommend to regularly check this list to educate yourself on and stay aware of the current scam activity.