Learn how to recognize them and protect yourself, and where to go for legitimate COVID-19 information.
The coronavirus pandemic has changed the way so many of us live our lives that it’s on many of our minds throughout most of the day. Cybercriminals, always camouflaging their tricks to blend in with the latest topics, know this all too well. As a result, they have already launched countless scams preying on the panic surrounding the virus. So now, in addition to keeping ourselves safe from the novel coronavirus, we also need to protect ourselves from the worldwide outbreak of coronavirus-related cyber scams.
Most of these are phishing scams, in which the attacker tries to trick us into opening a malicious attachment, clicking a malicious link, or giving away personal information. This is done through outright lying and trickery, but fear not – there are ways to both recognize and combat these scams.
Avast Threat Labs recently discovered a new wiper malware family called CoViper that is taking advantage of the COVID-19 crisis. The malware masquerades as a file related to the coronavirus. This devastating malware will rewrite the file that tells your PC what to do when it reboots. The result is a machine that can never progress past an empty boot screen.
To understand how to avoid these kinds of scams, let’s look at the most common types of scams hitting inboxes these days.
Industry-targeted emails – Primarily aimed at the manufacturing, transportation, higher education, and healthcare industries, these scams pretend to be important coronavirus information doled out to companies by a virus specialist. The emails urge victims to download an attached PDF for important coronavirus safety measures, but once a victim does that, malware is released into the system where it wreaks havoc and harvests data.
World Health Organization emails – These target individuals on an international scale, claiming to include important tips on how to stop the spread of the virus. Again, victims are directed to open an attachment that lists “safety measures,” but it actually unleashes malware into their systems.
Remote worker email scams – To take advantage of the fact that the majority of the workforce has shifted to working from home, attackers have devised scams that pose as corporate emails directing employees to click a link to sign up for a company seminar. Other variations on this scam request that employees click a Microsoft Word or DocuSign file. In all of these cases, the link or attachment is malicious.
Coronavirus maps – The informative and widely-accessed coronavirus world map by Johns Hopkins that shows real-time data on the global outbreak has been copied and counterfeited many times now. The phony versions are posted as malicious URLs that steal sensitive details stored in browsers, like credit card numbers, while users look at the map.
How to recognize coronavirus scams
The first step to avoiding these scams is being able to recognize them. The guidance here is similar to how we would spot a fake app, which is essentially to look at the finer details for dead giveaways. To detect phony apps, we look at the developer’s name, the reviews, the number of downloads, and other telltale signs of legitimacy. Detecting a coronavirus scam calls for similar vigilance. Use the following checklist if you think you may be the victim of a scam:
Check the source of your email. Look at the sender’s email address – does it look authentic? Do you recognize the name? Have you heard of this person or company before?
As always, never click on links in unsolicited emails.
Check website links for strange typos, added numbers, or anything that doesn’t look right. Many scammers use lookalike domain names, replacing an L with a 1, an S with a 5, etc.
Think twice (or even thrice) before opening any email attachments, even if you know the sender. Do not open one unless you are absolutely sure it is safe.
Look over any information you receive through social media with a vigilant eye. Remember that Facebook posts, WhatsApp chains, and Twitter tweets can be doctored by anyone.
Be immediately suspicious of any email that exhorts you to “act now.” Many scams rely on the panic that can accompany a sense of urgency to trick people into clicking without first thinking about it.
Legitimate organizations will never send emails soliciting personal information like account numbers, passwords, or social security numbers. If you receive one that does, it’s most likely a scam.
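The lookalike-domain check from the list above (an L replaced with a 1, an S with a 5, a strange typo or an added character) can be automated for links pulled out of an email. The following Python is an added example, not Avast's code; the TRUSTED allowlist, the function names, and the extra 0-for-o and 3-for-e swaps are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains this reader genuinely expects links to.
TRUSTED = {"who.int", "jhu.edu", "docusign.com", "microsoft.com"}

# Digit-for-letter swaps: 1->l and 5->s are the page's examples; 0->o and 3->e are added here.
SWAPS = str.maketrans("1503", "lsoe")

def host_of(url):
    """Lower-cased hostname of a URL or of a bare host string."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED):
    """Return (verdict, trusted_domain_or_None) for the hostname in a link."""
    labels = host_of(url).split(".")
    # Every suffix with at least two labels: www.who.int -> www.who.int, who.int.
    # A trusted name at the *front* (who.int.example.com) is never a suffix.
    suffixes = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for s in suffixes:
        if s in trusted:
            return ("trusted", s)
    for s in suffixes:
        for t in sorted(trusted):
            # Digit swap that collapses onto a trusted name, or a one-character typo.
            if s.translate(SWAPS) == t or edit_distance(s, t) == 1:
                return ("lookalike", t)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample links, not taken from real campaigns.
    for link in ("https://www.who.int/emergencies", "http://docu5ign.com/sign",
                 "https://login.micros0ft.com", "http://who.int.example.com/tips"):
        print(link, "->", check_link(link))
```

A "lookalike" verdict means the link deserves a closer look before anyone clicks it; a one-character difference can also be an unrelated legitimate domain, and "unknown" only means the domain is not on the allowlist.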
How to avoid and combat coronavirus scams
Just like with the actual coronavirus, you can do your part to stop the spread of these scams by keeping yourself safe and protected. Chances are, you are now working either partly or completely from home. Many scams spread by first getting a foothold in a company’s system, usually through simple vulnerabilities like weak passwords. Keep yours robust by following the best practices for passwords – make them complex, never reuse any, and enable multi-factor authentication if it’s available.
Employers will want to keep security hygiene up-to-date with all their remote workers during this time. Make sure all employees are aware of these scams so they can stay vigilant. (Additionally, you can keep your workers sane and sensible with our working-from-home tips.)
Let’s all work together to stop the spread of misinformation about this virus, to stop the spread of scams playing on this virus, and to stop the spread of the virus itself. At moments like this, we owe it to each other to stay safe, stay kind, and stay smart.