Spotting COVID-19 online scams

by | May 10, 2020 | Uncategorized

How to spot COVID‑19 online scams

The COVID-19 pandemic created new opportunities for bad actors to trick users into revealing their personal information or clicking on malicious links or attachments, unwittingly downloading malware to their computers. These phishing attacks and scams “use both fear and financial incentives to create urgency to try to prompt users to respond,” Google claims.

Common types of scams

Scammers send malicious email messages asking you to either open an attachment or click on an embedded link. These natures of scams are generally called phishing attacks. The attachment might seem to contain pertinent information regarding the COVID-19 pandemic, but it would, most likely, download malicious software onto your device. This software would enable cybercriminals to take control of your device, access personal and financial information, and even worse, lock up your data and ask a ransom for it.

Falsely representing health organizations

Bad actors may pretend to be health authorities, such as the WHO or CDC, may offer cures, tests, or other COVID‑19 information.

Fake donations

The number of requests for COVID-19 donations has increased. You should check carefully nonprofits, hospitals, and other organizations that ask for money.

Websites “selling” health products

Sites might claim to sell hand sanitizers, face masks, toilet paper, or other in-demand products that would never arrive.

Fraudulent financial offers

Bad actors pose as banks, investors, or debt collectors, with “special” offers designed to steal personal and financial information.

Falsely representing government authorities

Some scams claim to issue updates and payments on behalf of the IRS or local government tax authority.

How to avoid being scammed?

You can follow these simple suggestions to stay protected and avoid falling victim to these phishing attacks.

Take time to reflect on every request for your personal information and whether it’s appropriate. Do not open unsolicited emails from people unfamiliar to you or click on suspicious attachments, which you did not expect.

Double-check the email address. Check the sender’s name, email address, and whether the email domain – the part after the @ symbol – matches the organization from which the sender claims to be. If not, it is probably a phishing attempt.

Visit websites by typing the domain name yourself. Most businesses use encryption – their address starts with https – and if you receive a certificate error while browsing, consider it as a warning sign that something is not right with the website.

Pay attention to wording, tone, and terminology. Bad actors could scam a specific person via spear-phishing using the receiver’s full name and other personal details. Check for terms and language that you are usually expecting in the type of email you receive.

Never supply any personal or financial information, and passwords to anyone via email. Emails are considered insecure ways to send data. Remember that most institutions or companies would never ask for your password or other critical personal information.

Check links before clicking on them. See your emails in plain text to check for the link address to see its destination. If it is not the same as what appears in the email, it is probably a phishing attempt.

Look out for spelling and grammatical mistakes. If you spot any spelling, punctuation, and grammar errors, it could be a phishing email.

Be careful what you download. Some links might automatically download files after you click on them. If this happens, stop the download process immediately, especially if it’s unexpected, and delete the downloaded files.

Stay away from emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action.

Be wary of third-party sources spreading information about COVID-19. Refer to the official websites for updates on COVID-19. Fraudulent emails can look like they come from a real organization, but legitimate government agencies will never call you or email you directly for this information.

Keep your devices protected. Install anti-spam, anti-spyware, and antivirus software and make sure they are always up to date.

What to do if you get scammed?

In the case you do get scammed, you have to act quickly based on the type of attack. Most cyber-attacks are delivered automatically, to lots of people, hoping someone would take the bait. So, if you move fast, you might be able to save your data and accounts.

If you downloaded a file, either from an attachment or a link, your security software should generally flag it if there’s malware behind it. To be sure, make sure you update your antivirus and perform a full system scan. In case you don’t have any security software installed, download one and perform a scan.

If you entered your login information on a fake website, change them as soon as possible. Having two-factor authentication enabled, if supported, can be a lifesaver in these situations.

In case you typed your banking (credit card) information, act as you would if your credit card was stolen and contact your bank immediately, no matter the hour – most banks have a 24/7 anti-fraud line. If you have access to a home banking platform, you should first lock or disable your credit card.

Get involved

The number of COVID-19 related internet scams grow day by day, and protecting ourselves against these types of attacks if both a feasible and essential step. If you receive or fall victim to a phishing attack,

  1. report it to your IT department by forwarding it as an attachment
  2. delete the email and clean your computer
  3. notify the spoofed organization to prevent other people from being victimized.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.

by Dan Florian

Product owner and co-founder of ATTACK Simulator. Dan likes to code, is passionate about design, and loves running and swimming.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.