As the world struggles to cope with the coronavirus pandemic, a parallel digital war is being fought online against another type of global virus. There are malicious actors preying on people at their most vulnerable in attempts to steal what they can. Learn about the latest coronavirus scams so you can stay focused on keeping yourself and your loved ones safe.
Coronavirus scams targeting the public
Scammers targeting the public will try to use fear and concern about the coronavirus pandemic to get victims to drop their guard. Scams that have already been observed include:
- Posing as the World Health Organization or Center for Disease Control and asking recipients to download documents containing safety tips. The files have been found to contain malware designed to steal banking credentials or to keylog people’s passwords;
- Fraudulent offers for face masks, hand sanitizer, and other products whose supplies have been stretched thin during the coronavirus crisis;
- Emails from tax authorities offering victims “tax refunds” to help them cope with the coronavirus pandemic. All they had to do was enter their name, address, phone number, mother’s maiden name and bank card number – a clear scam.
- Scammers have been scooping up COVID-19 and coronavirus domains, turning them into malicious malware injection sites. These can even include domains designed to catch common typos, using words like “doronavirus” instead of “coronavirus”.
- Fake coronavirus cures. They claim to be renegade doctors repressed by the Chinese or Western governments who already have vaccines available. All you have to do is click on their link and download something or enter your personal information.
- Donate to help find the cure for coronavirus! The only problem is that many of these requests are bogus. Many of the scams detected have asked victims to donate their money in untraceable bitcoins.
- Fake coronavirus maps. Maps tracking the spread of the pandemic are useful and fascinating, as they let us watch the crisis unfold as it happens. Some scammers are using functioning fake copies of these maps to deploy malware onto victims’ devices.
These are only the scams that have already been detected and documented. As governments bring new tools to bear in the fight against COVID-19, other predatory scams might appear:
- Finally – free coronavirus testing! All you have to do is enter your credit card number or other sensitive personal data. It may be a legitimate offer, but you'll have to be extra careful to make sure it's legitimate. Your best bet is to contact your national public health authority;
- Your coronavirus test results have arrived. Whether or not you’ve actually taken a test, all you need to do is give us your sensitive personal data to find out if you’re infected. If you do take a test, make sure you double-check the correct procedure for receiving your results with the whoever performs the test;
- Your mother has been hospitalized and the hospital’s supplies are running low! You can help by sending untraceable bitcoin funds to this anonymous bitcoin wallet. This would be a variation of the classic car crash scam with a unique spin to prey on our fears about the COVID-19 pandemic.
It’s easy to imagine other scams that might still arise. They work because they prey on the fears that so many of us feel about the coronavirus pandemic. It’s important to keep a cool head to see through them. Read on for security tips that will help keep you from falling for these tricks.
Coronavirus scams targeting healthcare workers
It’s bad enough that scammers and hackers are targeting the public during a pandemic. Worse still are the scammers targeting healthcare workers and institutions.
One such scam involved fake emails from the World Health Organization claiming to contain the latest recommendations or directions for healthcare professionals. The attached files instead deployed malware.
Coronavirus scam security tips
So far, a majority of the scams have involved masquerading as various global or national health organizations and institutions. Unfortunately, hackers have no problem undermining these helpful institutions’ communications to turn a quick buck.
- Use the right coronavirus map. This link leads to the John Hopkins coronavirus map that some reports have been saying has been hacked. These reports are not entirely accurate. Though it is theoretically possible for the map to have been hacked, what has actually happened is that hackers have made copies of it and are sending it to victims as a downloadable app that contains malware. Do not download this map from here or anywhere else. Simply view the legitimate map in your browser.
- Don’t download anything (and be careful around links as well). It’s difficult to imagine a scenario where an organization like the WHO would need you to download safety tips rather than simply including them in its email/SMS or on its site. So don’t download anything you aren’t 100% sure of. Be careful with links as well. Right click on any link you receive to make sure it’s going to an official website. If you have any doubt at all, simply navigate to that website yourself and find the content you were looking for.
- Keep a cool head. Yes, masks and hand sanitizer are running low in many places around the world. But imagine they weren’t. Would you buy some from a random SMS asking you to provide your credit card info? You’d probably find a reputable dealer or go to a local store. Stick to your common sense and don’t let fear get the best of you.
- If it sounds too good to be true, it probably is. What are the odds that the secret cure to COVID-19 just landed in your inbox without anyone else in the world knowing about it? This stands for any scam, whether or not it uses the coronavirus to trick you.
- Make sure you donate to the right place. Donating money to help fund the search for a treatment or vaccine is a noble cause. Just make sure you’re donating to a reputable organization. In a scammer’s hands, 0% of your donation will be going to COVID-19 research.
- Carefully examine any URL or email address you see. Any URL you see with a typo while looking for info on the coronavirus is a dead giveaway – it’s a scammer hoping you don’t notice the mistake and download something on their site or enter sensitive info. The same goes for links you might want to click on or any email you get. SOmetimes, even email senders can be spoofed, so you can always fall back on advice we gave earlier: if the email contains a link, try going to the website yourself and finding what you need instead of clicking.
Stay safe, everyone! For more cybersecurity and privacy tips, subscribe to our monthly blog newsletter below.