Cybercriminals are exploiting the current coronavirus public health scare with malicious cyber tactics. The World Health Organization (WHO), Federal Trade Commission (FTC), Securities and Exchange Commission (SEC) and the Better Business Bureau (BBB) have all issued warnings in recent weeks about the uptick in criminal scams tied to the coronavirus.
As the coronavirus news continues to spread throughout the world, scammers will amplify their efforts. Stay informed as to not fall to any unusual requests made by suspicious individuals. There are countless ways for scammers to exploit fear in order to steal money and compromise businesses.
We focus on 3 scams to help educate businesses.
1. Fake Websites
Malicious individuals will setup fake coronavirus-related websites. These websites offer a “cure” to the virus. Such cures can consist of natural and pharmaceutical remedies, vaccines, testing kits, and other bogus health solutions. The key to determine if a website is fake is to check multiple items.
First, does the website have a secure connection? In any web browser there’s an indication of a padlock if a website is secure.
Second, are these websites offering in-demand items at extremely low costs? As the saying goes, if it sounds too good to be true, it most likely is. These malicious actors could be trying to steal credit card information and install malware on a PC.
Lastly, carefully read over the verbiage on the website. For example, most fake websites have poorly written text. Identifying this trait early on can help determine a website’s legitimacy.
In short, there is no cure for the coronavirus at this moment. Be wary of anything that sounds too good to be true and stay vigilant when reviewing a coronavirus-related website.
2. Spoofing Government and Health Care Organizations
Hackers are already impersonating the UN’s health agency in an effort to carry out a variety of scams, from account takeovers to phony donation requests and the spread of malware. The FTC is also warning of spoofed emails, text messages, and phone calls that claim to be from the Centers for Disease Control (CDC).
Consumers can expect to see a wide range of coronavirus-related phishing emails, smishing (text message phishing), and phone fraud scams over the coming weeks. These scams will focus on our insecurities about how the virus is spreading. The scams can take on several forms — for instance, fake health agency warnings about infections in your local area, vaccine and treatment offers, and alerts about critical supply shortages.
These contact points can be highly convincing due to cyber criminals using professional phishing kits. For example these kits are programmed to use perfectly matched logos and email formats of legitimate organizations. In addition hackers will incorporate “combosquatting” and “typosquatting” tactics to fool users into thinking the link is legitimate.
One example of typosquatting is when an attacker uses popular domains that are misspelled incorrectly but look like real a domain name. For example, faecbook.com or wellsfagro.com. Combosquatting and typosquatting have similar tactics used to fool users, however, the domain name is appended with -security. For example, wellsfargo-security.com or security-chase.com. Notice the domains are not misspelled but prepended or appended with the word security.
Given these points all users need to remain alert when any coronavirus related email, text, or phone call is received. Always use best practices for cybersecurity.
3. Social Media Scams
Social media users need to be wary when scrolling through their timeline. We anticipate two specific scams that are likely to play off of the current coronavirus situation. The first is fake fundraising. The fundraising hackers will use stories and images of real people to tap into your limbic system, the emotional part of your brain. Notably, these scammers will utilize legitimate fundraising platforms like GoFundMe to collect donations. Be cautious of any individuals asking for donations.
The second threat for coronavirus-related scams deals with investments. As the SEC recently warned, criminals will use social media to promote microcap stocks which they claim have a product or service that can help prevent or treat coronavirus. These are pump-and-dump scams that could cost investors lots of money. Be sure to perform some research. A quick search will help clear any cloudiness about the proposed investment.
In conclusion, stay alert on social media. Even though these websites intend for social activities – stay conscious when scrolling through the news feed.
Exercise caution in handling any message with a COVID-19-related topics, such as email attachments and hyperlinks. Perform due diligence of any social media plea, text, or call related to COVID-19.