Covid-19 Phishing Scams Are Everywhere. How to Stay Safe?
Cybercriminals have become more active than ever during the lockdown. Alongside our concerns about the pandemic and the associated avalanche of information, hackers are now taking advantage of our worries to target our online security.
The hysteria around Covid-19 has been very fruitful for cybercriminals and the various frauds, scams, and rumors they’ve spread. And we’re not talking about fake statistics or “miraculous” cures.
These phishing scams include fake emails, reports, or messages from health organizations like the Center for Disease Control (CDC) or the World Health Organization (WHO). But how dangerous are attacks like these? And how can we best protect ourselves?
What phishing attacks look like
Hackers always keep a keen eye on what’s going on in the world and especially how people have acted under lockdown conditions brought on by the Covid-19 crisis.
They use our trust for health organizations to impersonate respectful entities. Then, after registering fake accounts, they send emails and messages, luring people into downloading malware or diverging sensitive information like passwords, logins, and credit card details.
You see, cybercriminals are very good at tricking people, so the phishing emails they send usually look authentic and contain elements associated with a trusted brand or organisation. They often feature:
- breaking news stories
- genuine-looking logos and branding
- intimidating or fear-inducing messages
- malicious links tempting you to click or download something
This is where users need to be particularly attentive to spot phishing emails.
Would you be suspicious of any emails sent from the WHO Director revealing the specifics of Covid-19 prevention and treatment? Well, you should be.
Tedros Adhanom Ghebreyesus has better things to do than send out newsletters. So, chances are, you’re being scammed by a con artist wanting you to download malware so they can capture screenshots and keystrokes from your device.
Other phishing email examples may contain links to a list of new Covid-19 cases in a user's city. “Just sign in to know which areas to avoid,” it might say. Don’t do it unless you want your personal account’s credentials stolen.
Another online bogeyman is an app with a Covid-19 map. But instead of information about the virus and its distribution, the app infects users with ransomware. This type of scam won’t let them access a device until the ransom is paid.
Other types of Covid-19 cybercrimes
While phishing attacks seem like the most noticeable scam type around Covid-19, it’s not the only one to be cautious of. Here are a couple of others you should stay away from too.
Encrypted messaging app scams
Telegram, Facebook Messenger, WhatsApp, Viber, and many other messaging apps claim to be using the highest levels of encryption. But no hardware or software can save you from starting a conversation with a criminal.
Over the past few years, encrypted messaging apps (EMAs) have earned themselves a bad reputation by becoming a powerful propaganda tool. First, they were used to disrupt elections, later people used them to spread misinformation about vaccines. Now, EMAs are being used to disseminate misleading and harmful information about Covid-19.
These EMA providers claim they’re doing their best to block malicious accounts and groups, but so far, they aren’t doing a very good job. This leaves app users responsible for their own safety. You have two options: either you abandon using EMAs or be very picky about the people you communicate with and the groups you join.
Our social life has become digital due to Covid-19, and scammers are well aware. Here are some of the scams they pull:
Although the hype around phony news has subsided, scammers continue sharing breaking news, sending urgent updates, or stories about celebrities supposedly infected with the virus. Users click on the link to learn more and are subsequently ambushed by hackers.
Fake victim stories
We all tend to be more sympathetic these days and more emotionally vulnerable as a result. The lockdown has left many people struggling since they aren’t able to work or have lost their jobs. And while this is heartbreaking, criminals want to exploit your charitable nature and impersonate victims asking you for money.
We can’t forbid you from donating - after all, it’s a great thing to help the most vulnerable during these challenging times.
But, at the very least, we urge you to choose your charities and organisations carefully. Don’t just give your money to random people who write shady emails to you.
Scammers use a variation of the money fraud to invite people to invest in products or services of publicly traded companies called on to prevent, detect, or cure this new coronavirus.
They promise the stock value of these companies will skyrocket soon. Spoiler alert - they never do. You can just wave your money goodbye.
Remote work opportunities
Bad actors know how to target people who have lost their jobs due to the Covid-19 crisis. In the US alone, 22 million people have found themselves unemployed as a result of the pandemic.
Hackers target these poor people by offering enticing work-from-home opportunities. But first, they need to register on a malicious website. This steals their personal information, handing over their precious details to hackers. Leave it to the cybercriminals to benefit from other people’s loss.
How to protect yourself from Covid-19 phishing scams?
Staying safe online means more than spraying yourself with hand sanitizer. Here are our tips on how to keep yourself protected from these phishing scams:
1️⃣Don’t take any Covid-19 “special offers” as genuine without checking where they have come from. Be careful, especially with those posted on social networks or received from suspicious sources. Think twice before opening links or attachments from people you don’t know. Better yet, just delete such offers immediately.
2️⃣Question everything you see online, especially on social media.
3️⃣Do your own research, even if the offer does sound legit.
4️⃣Always check the website you’re on before entering any details, including personal data, credit card, or bank account information. Look for the lock sign and https in the address line.
5️⃣Don’t get into the “ends-soon” trap. Fake urgency induces panic, and often leads to irrational decisions.
6️⃣Grammatical and spelling errors are alarming signals. They either show this governmental agency isn’t smart enough to hire competent professionals or it isn’t a governmental agency at all. Either way, don’t click on any news or offers full of mistakes.
* * *
During this challenging time, we need to support each other and work to provide safe places, free from both Covid-19 and the fake information around it.
Clario offers free online support for people in isolation, and we’re always here if you need general tech support or advice to cope with daily tasks online. Stay safe.
We’d like to stay in touch.
We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.
Thanks for your subscription!
You’ll be the first to know about our updates. Please keep an eye on your mailbox.