Updated: Apr 22
Phishing scams often prey on a victim's fear by using real and current threats to obtain personal information like passwords, account numbers, credit card numbers, and more. Other times, they see opportunity in capitalizing on stories that are highly prevalent in the news. So what happens when you have both scenarios with COVID-19? Yep, you guessed it -- COVID-19 malware is a thing now.
What is COVID-19 malware?
Basically, scammers are using the coronavirus pandemic to "offer" information or services to the public. The above image is an example of one of many coronavirus-related scams.
Industry targeted emails
There have been several scams going around targeting manufacturing, transportation, higher education, and healthcare industries that promote COVID-19 cures and topical conspiracies. Once the email attachment is opened, malware is able to harvest the victim's data.
World Health Organization emails
At the beginning of the outbreak, a "spoofing campaign" was launched to target people in areas that were going into shutdown. These emails coincided with the government increasing quarantine measures and therefore capitalized on the fear of those receiving the emails. This campaign contained a "list of precautions" to take to stop the spread of the virus. When the victim opened the document, their device was immediately compromised.
Emails sent to remote workers
With everyone working from home, hackers are sending emails to remote workers claiming to be from the company HR departments (for most companies, their employees' information is available online -- anyone can access it). This scam asks for the user to sign into DocuSign or Microsoft Word. These scammers typically imitate someone who actually works in the HR department. Once the link is clicked, malware is installed on the victim's device.
Coronavirus reactive maps
Several organizations have created reactive maps that allow viewers to track where the virus has spread. This scam shows the actual reactive map, but contains malware that steals info stored in your browser (passwords, credit card info, etc.)
How can you avoid these scams?
While these emails may look like they come from a legitimate source, it is best to proceed with caution before clicking on anything.
Don't click on links from unknown senders. If you haven't subscribed to receive emails from a certain sender (such as the World Health Organization) and all of a sudden, they send you an email, it's probably a scam. Does the email address match the sender's name (if the sender's name is "Don" and the email address is firstname.lastname@example.org, this should be a red flag)? Are there typos in the email? Is the layout slightly off and the sentences structured strangely? If you notice these things, do not click on any links or documents that the email may contain.
If they send you a link to a website, run it through a URL checker (see "URL Checker" tab under "Resources") to make sure it's legitimate.
Educate yourself. Stay up-to-date on current scams so that if you do encounter one, you will know right away.
Think about how it has been shared. Social media and email accounts can be easily hacked and information can be distributed by a hacker with malicious intent. Always be wary of clicking any link, no matter who it's from.
Help stop the spread of COVID-19 misinformation
While Google, Facebook, and Twitter are working diligently to help stop the spread of "fake news," it is ultimately up to us. Always fact check information before you post it. If it seems extreme, it probably isn't factual. If you see someone else spreading misinformation, send them a direct message to let them know that the information they posted is false.