Cybercriminals and hacking groups are exploiting the disruption and fear caused by the coronavirus through a range of phishing and malware attacks. Web users are in danger of losing money and sensitive data if they’re tricked into clicking on links in bogus emails, social posts or SMS messages claiming to contain important information about the pandemic.
Security experts are claiming that the recent spike in email scams linked to coronavirus is the worst they have seen in years. A report from security firm Check Point found an upswing in the registration of domains related to coronavirus, with 4,000 coronavirus-related domains registered since January. While many of those may well be legitimate, others will almost certainly be used to trick anxious consumers into thinking they’re genuine.
The report also found that sites on the darknet, the part of the internet that is not indexed by Google or other search engines, are advertising hacking tools capitalizing on coronavirus fears.
The World Health Organisation (WHO) issued a warning in early February about such issues; since then, the US Federal Trade Commission (FTC) and UK government have repeatedly issued warnings on social media about such potential scams.
These attacks and scams are likely to proliferate as the outbreak intensifies. To help raise awareness, we’ve compiled a list of some of the most common cyber scams that we have been made aware of since the onset of the outbreak:
• Fake emails from national health authorities and WHO
Phishing emails with a link that claims to lead to a list of active infections in the recipient’s area. The link actually takes victims to a malicious web page that captures personal and sensitive information, to a malware download, or to a request for a donation to a good cause with payment into a Bitcoin account.
• Bogus online shops
Fake online shops offering people protective facemasks, hand sanitiser and other protection products which, if ordered, never arrive.
• Charity-based scams
Emails, texts and social media posts claiming to be from various charities such as the Red Cross inviting donations to Coronavirus victims/families or other related good causes.
• Coronavirus Vaccine collections
Emails, texts and social media posts claiming to be from various healthcare or research organisations collecting money towards the development of a vaccine or cure for Coronavirus.
• Social distancing/lockdown fines
SMS text messages claiming that the recipient has contravened social distancing and lockdown rules and needs to pay a fine. Users are asked to click a link which takes them to a payment page.
During these times of heightened fear and worry, these scams can often catch out the most diligent people. This is even more concerning considering that our Cybercrime SOS research in 2018 found that more than half (55%) of people surveyed are not confident of being able to prevent a cybercrime, and 1-in-2 (50%) of respondents were not confident of being able to detect a cybercrime.
At cxLoyalty, we have decades of cyber identity and ID theft protection experience. We’ve compiled a simple-to-follow checklist to help keep your customers safe from cyber-criminals and digital fraudsters:
• Is the email or message unsolicited?
Do not act on advice you didn’t ask for and weren’t expecting. If you were genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look. Furthermore, never feel pressured into clicking a link in an email or message; fraudulent communications are often designed to create a sense of urgency.
• Check the sender’s name and email address.
A sender can put any name in the “From” field. Always check the sender’s name and the associated email address; this will identify whether the email is fake or not. If in doubt, do not respond to the email.
• Look out for spelling and grammatical errors.
Not all cyber-criminals make mistakes, but many do. Take the extra time to review messages for tell-tale signs that they’re fraudulent.
• Does the URL look legitimate?
Always check the URL before you click a link. If the website you’re being sent to doesn’t look right, stay clear. For example, if the URL is not associated with the organisation purporting to have sent the email, then there is a high probability that it will be associated with a phishing or malware site.
• If in doubt, don’t give it out.
Be careful of where you share your data. Never enter data that a website shouldn’t be asking for, or into a website that you do not know or trust. There is no reason for a health awareness web page to ask for your email address, let alone your password.
• Act fast if you think you’ve been compromised.
If you think you’ve revealed your password to fraudsters then change it as soon as you can. Criminals who run phishing sites typically try out stolen passwords, so the sooner you react, the more likely you will beat them to it.
• Use different passwords for online accounts.
Never use the same password on more than one site. Once a password is known by cyber-criminals, they will usually try it on every website where you might have an account; this process is typically automated and can leave all accounts compromised in a matter of minutes.
• Implement two-factor authentication (2FA).
2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This could include a code that is sent to the user by SMS or a follow-up question. 2FA is available on many popular websites, social networks and email services, and is a huge barrier for cyber-criminals, because it adds another layer of protection beyond just the password.
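The sender and URL checks from the checklist above can also be applied automatically by a mail filter. The following Python is an added example, not cxLoyalty's code; the organisation-to-domain table, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains verified independently for each organisation name.
KNOWN_ORGS = {
    "world health organization": {"who.int"},
    "red cross": {"redcross.org"},
}

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
From: World Health Organization <alerts@who-int.example>
To: reader@mail.example
Subject: Active infections in your area
Content-Type: text/plain

See the list of cases: http://who.int.cases-update.example/list
Official guidance: https://www.who.int/emergencies
"""

def belongs_to(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_message(raw):
    """Return (finding, host) pairs for a plain-text email."""
    msg = message_from_string(raw)
    # The display name is free text; only the address carries a domain.
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    # Domains of every known organisation the display name claims to be.
    claimed = [d for org, d in KNOWN_ORGS.items() if org in display.lower()]
    expected = set().union(*claimed)
    findings = []
    if claimed and not belongs_to(sender_domain, expected):
        findings.append(("sender-mismatch", sender_domain))
    # Compare each link's real hostname with the claimed organisation.
    for url in re.findall(r'https?://[^\s<>"]+', msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if claimed and not belongs_to(host, expected):
            findings.append(("link-mismatch", host))
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Matching on the end of the hostname is what catches a link such as who.int.cases-update.example, which starts with a trusted name but belongs to a different domain.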
We hope our tips help to make your customers feel safer in these unprecedented times.
We appreciate that each of you is facing your own challenges associated with the COVID-19 outbreak. Our hearts are with those who have been affected personally, as well as the many communities around the world that are facing extreme measures in the attempt to slow its spread.
Stay safe, stay well.