Beware of scammers sending fake coronavirus emails and texts to try and steal your personal details. The Coronavirus outbreak, which has gained global attention, presents an opportunity for malicious actors to take advantage of the worldwide concern and use it to conduct various online scams.
Recently reported activity includes spear-phishing campaigns, financial scams, and disinformation campaigns spread via social media websites. Malicious actors are tailoring campaigns in order to collect sensitive information, steal money via fake donation websites, spread false information, and deliver malware to victims.
Several spear-phishing campaigns impersonating the Canadian government and various healthcare organizations including the World Health Organization (WHO) have been reported (1).
How do the scams work?
Victims receive Coronavirus-themed emails in which the actors request the victim to open an attachment or click on a link provided via the email in order to obtain details about the Coronavirus. Once a victim clicks on the attachment or link, they are directed to a malicious website controlled by the actors or given a false login pop-up, requesting the victim to enter his/her login credentials.
Malicious actors can use the login credentials to access the victim’s accounts or to conduct further cyber attacks. In other campaigns, victims received emails that also appeared to originate from the U.S. Centers for Disease Control (CDC), CDC; however, malicious actors requested a donation via Bitcoin to fund a false “incident management system,” in relation to the Coronavirus (2).
Scammers have been targeting people with phishing texts Credit: KnowBe4 (3).
Handy tips to prevent becoming a victim of Coronavirus-themed online scams:
Stay on the lookout for phishing emails and other scams related to Coronavirus. Some handy tips:
Go directly to a trustworthy website for updates rather than clicking on email attachments, links, or pop-ups
Double check a website address prior to typing it in as scammers typically slightly alter URLs so they closely resemble a legitimate URL
Do not enter sensitive data such as username and password into websites that do not typically ask for it
Use multi-factor authentication whenever possible
Use complex passwords and use different passwords for different services
Keep systems updated and running antivirus software