There’s never been a crisis that cyber criminals won’t try to exploit — rest assured, they are out in full force during the coronavirus crisis. Their goal is to capitalize on your fears and anxieties to steal your money and your credentials. They hope that you will be distracted and that your guard may be lowered. We offer a roundup of just a few of the scams that we’ve been hearing about, along with resources that offer security and protection tips.
The Federal Communications Commission alerts us that phone and text message scammers are out in full force to take advantage of the coronavirus crisis to prey on consumers and they discuss common ploys and talk about how to protect yourself in COVID-19 Consumer Warnings and Safety Tips.
Common scams include offering free home testing kits, promoting bogus cures, selling health insurance, and preying on virus-related fears. They also prey on financial fears offering bogus debt consolidation services and work from home schemes. They tout fake charities. Scammers often impersonate government agencies.
One particular issue to be aware of:
Many consumers will receive checks as part of the federal government response to the coronavirus. No one will call or text you to verify your personal information or bank account details in order to “release” the funds. The Treasury Department expects most people to receive their payments via direct-deposit information that the department has on file from prior tax filings.
The FCC offers the following tips to help you protect yourself from scams, including coronavirus scams:
- Do not respond to calls or texts from unknown numbers, or any others that appear suspicious.
- Never share your personal or financial information via email, text messages, or over the phone.
- Be cautious if you’re being pressured to share any information or make a payment immediately.
- Scammers often spoof phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
- Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren’t hacked.
- Always check on a charity (for example, by calling or looking at its actual website) before donating.
Coronavirus Phishing Scams
Consumer Reports talks about phishing scams that pitch COVID-19 health information and fake cures. They say that:
Many of the emails, which often appear to be sent by WHO or the Centers for Disease Control and Prevention, pretend to offer new information about the virus.
Some hint at the availability of a vaccine, and others claim to be from charitable organizations looking to raise money for victims.
Although the ploys are “depressingly familiar” to those well-versed in phishing emails, they come at a time when people worldwide are particularly vulnerable, says Eric Howes, principal lab researcher for KnowBe4, a cybersecurity company focused on phishing prevention.
“When people are distracted, concerned, and extremely motivated to get information,” he says, “you can’t count on them to notice things they might have in calmer times.”
Their post shows how the phishing scams work and offers a list of tips from digital security experts on how to avoid getting scammed.
Consumer Reports also offers other coronavirus-related alerts:
- Beware of Products Touting False Coronavirus Claims
- Coronavirus Robocall Scams Spotlight Need for Better Consumer Protections (with tips for how to protect yourself)
Online shopping safety: protect against skimmers
Malwarebytes offers tips for safe online shopping post COVID-19. They talk about various problems online shoppers should be on alert for, from raised prices and price gouging to counterfeit goods. They remind shoppers to use only trusted sites and to visit those sites directly rather than through links found in emails or on web pages, which could be phishing attempts. They offer this pro tip: Bookmark favorite URLs to save on manually typing. By saving the URL rather than searching for a shop name, you are less likely to be fooled by impersonators.
They call out one threat many shoppers may be unaware of and most people wouldn’t spot – online shopping cart skimmers:
Ever since shelter-in-place orders have sent millions of shoppers online, the Malwarebytes threat intelligence team has noticed an uptick in the amount of digital credit card skimmers, also known as web skimmers. Web skimmers are placed on shopping cart pages and collect the payment data that customers enter when they purchase an item online.
Cybercriminals can hack the websites of legitimate brands to insert web skimmers, so avoiding resellers or little-known boutiques won’t protect shoppers from web skimmers. Instead, consider using an antivirus with web protection or browser extensions that block malicious content.
To help prevent such exploits, make sure you have good antivirus and anti-malware protection and keep it up to date.
Working from Home
The Better Business Bureau says that as more people work from homes, IT and security companies are noting an increase in hacking/phishing attempts. They offer 10 Tips to Stay Cyber Secure When Working Remotely. We also found this great advice. concrete advice from insurer HSB to be very helpful: Seven Ways in Seven Days to Boost Cybersecurity While Working Remotely. They talk about each step in more detail, but here’s a summary of steps they suggest/
Day 1: Unsubscribe to unsolicited email
Day 2: Get on the “Do Not Call” List
Day 3: Block unwanted callers
Day 4: Try a password manager
Day 5: Employ multi-factor authentication
Day 6: Confirm that operating systems have the latest update installed
Day 7: Confirm and update subscription(s) to anti-virus and anti-malware software