As a friend recently noted, “Scammers gonna’ scam”. No matter the event or disaster we face, there are those with nefarious ends who will try to take advantage of chaos and uncertainty. We are already seeing this unfold with the COVID-19 (novel coronavirus) pandemic.
According to an article from the BBC, there has been an unprecedented increase in the number of scams due to the pandemic. Here are some unique examples of COVID-19-based phishing exploits that are being reported.
- People are receiving unsolicited work-from-home job offers via email. Be wary of any unsolicited offer received via email, especially if you did not apply for, or were not interviewed for, a position with a company.
- With the increase in the number of people telecommuting, scammers are sending emails from internal company domains with fake links to work-from-home policy and procedure documents.
- Individuals are receiving emails claiming to be alerts from the Center for Disease Control (CDC), the World Health Organization (WHO), or other expert organizations with information about the virus. These groups would not send emails of this type. Always visit the websites of these groups for the most up-to-date information.
- There is no vaccine for the novel coronavirus. However, people are receiving information via emails and pop-ups offering vaccinations and other health advice. The Federal Trade Commission (FTC) has recently issued seven (7) cease and desist letters to groups who were advertising these types of products.
- It is human to want to help others in a crisis, especially one that impacts groups such as the elderly and children. Criminals are taking advantage of that instinct by running charity scams through social media and phone calls related to the COVID-19 pandemic, soliciting donations for medical treatment or food drives. Do not donate money via Bitcoin.
- Greed is one of the easiest human reactions to exploit through phishing. With the turmoil in the stock market, be wary of unsolicited offers via social media or email about investments or making quick cash.
- With various state, local, and federal governments determining ways in which to help people and companies who are financially impacted by this crisis, there are scams circulating that claim to provide access to government loans, tax refunds, or payments. This is not how this information would be provided to the public.
- Emails with infected attachments providing information on the pandemic, from how to protect yourself, to how to make your own hand sanitizer, to statistics, have been making the rounds. Do not click on or open these attachments.
- Bogus closure emails have been observed that claim to be from universities or schools that have shut down due to the pandemic and that contain links to “more information.”
- Sophos Labs has recently reported a spike in the number of newly registered domains that reference “covid” or “corona.” These domains are used to create malicious web pages to harvest user data.
- DomainTools’ security research team discovered a domain (coronavirusapp[.]site) that claims to have a real-time coronavirus outbreak tracker available via an app download. Instead of providing information, it provided ransomware.
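For defenders who want to act on the last two items, the following added example (not from the original article, Sophos Labs, or DomainTools) triages a feed of newly seen domains or URLs for hosts that reference “covid” or “corona”. The allowlist, the look-alike character folding, and every sample entry except the domain named above are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Keywords taken from the Sophos Labs observation in the list above.
KEYWORDS = ("covid", "corona")
# Assumption: a local allowlist of official sites; extend it for your organization.
ALLOWLIST = ("cdc.gov", "who.int")
# Assumption: fold common look-alike digits back to letters before matching.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "5": "s"})
# Constructed sample feed; only the first entry appears in the article.
SAMPLE = [
    "coronavirusapp[.]site",
    "hxxps://c0vid-19-relief.example/login",
    "https://www.cdc.gov/coronavirus/index.html",
    "cdc.gov.corona-updates.example",
    "intranet.example/policies/work-from-home.pdf",
]

def refang(indicator: str) -> str:
    """Undo common defanging (hxxp, [.], (.)) so the value parses as a URL."""
    value = re.sub(r"^hxxp", "http", indicator.strip(), flags=re.IGNORECASE)
    return value.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")

def hostname(indicator: str) -> str:
    """Return the lowercase host of a bare domain, URL, or defanged value."""
    value = refang(indicator)
    if "://" not in value:
        value = "//" + value  # makes urlsplit read the leading part as the host
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def is_allowlisted(host: str) -> bool:
    """Exact match or true subdomain only, so 'cdc.gov.evil.example' fails."""
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def flag_pandemic_domains(indicators):
    """Return (host, keyword) pairs for non-allowlisted hosts naming a keyword."""
    hits = []
    for item in indicators:
        host = hostname(item)
        if not host or is_allowlisted(host):
            continue
        # Match on the host only: a keyword in the URL path is not a signal.
        folded = host.translate(LEET).replace("-", "")
        kw = next((k for k in KEYWORDS if k in folded), None)
        if kw:
            hits.append((host, kw))
    return hits

if __name__ == "__main__":
    print(flag_pandemic_domains(SAMPLE))
```

A keyword hit is a reason to review a domain, not proof that it is malicious; legitimate pandemic information sites will also match.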
In times like this, the same rules apply to avoid phishing scams. Phishing.org provides a great listing of ten (10) actions to take:
- Keep informed about phishing techniques. The more you know about what scammers are doing, the less likely you are to be a victim.
- Think before you click! People are worried, afraid, and concerned about the pandemic. They may fail to think before they click on a link to “breaking news” or “cures” for the novel coronavirus.
- Install an anti-phishing toolbar. Usually available as a browser plugin or add-on, these tools can help to identify phishing websites and advertisements. Check with your IT or Security department to see which ones are approved for use in your organization.
- Verify a site’s security. Check to see that the website URL begins with “https” and that the closed lock icon is displayed. Also, watch the lower left-hand corner of the web page as the site page loads to ensure that the URLs match.
- Check your online accounts regularly. We all have that online account that we set up and only visit once or twice a year when needed. One example of this is streaming subscription sites. However, these sites may hold personal and credit card information that a hacker can access and use without you realizing it. Log in to your accounts more often and make sure you update to a strong password.
- Keep your browser up to date. Whenever an update is released for your browser, run it immediately. Check all browsers you may use to make sure they are kept up to date.
- Use firewalls. Using a personal, or desktop, firewall is a critical security component for connections that are always “on.” Your organization should have network firewalls to protect network infrastructure.
- Be wary of pop-ups. Use pop-up blockers in your browsers to avoid these nuisances. If you must close a pop-up window, use the “X” in the upper corner of the window. Also, be wary of email attachments, which can contain malware.
- Never give out personal information. Guard your data as if it were gold, because it is that precious. Your personal data (financial, sensitive, medical, etc.) in the hands of a scammer can not only be used to rob you, but can also be sold for others to use maliciously.
- Use anti-virus software. Keep your anti-virus software up to date and be sure to scan your device on a regularly scheduled basis.
Increased diligence during the COVID-19 pandemic should not only focus on keeping yourself healthy and safe, but also on protecting your data and resources. If you would like more information on how Security Awareness and Anti-Phishing training can help, please Contact Us today.
We hope everyone avoids being a victim of the novel coronavirus and its associated scams.
For additional resources on secure and productive remote work visit the GLS Work from Home Resource Center: