The global outbreak of the COVID-19 disease has offered cybercriminals an avenue in which they are using to exploit and defraud unsuspecting people. As the epidemic continues, scams and attacks will continue to evolve and attempt to exploit people’s fear and needs.
Some examples of COVID-19 exploits and scams include:
Scammers posing as health authorities, such as the Centers for Disease Control and Prevention (CDC), or the World Health Organization (WHO), are sending emails intended to trick recipients into providing personal information, financial details, or spreading malware. Some of the phishing emails contain attachments such as Word documents or PDF’s that often claim to provide vital information but contain malicious code that can infect the computer.
- Check the senders’ email address very carefully, as a phishing email address can closely resemble a legitimate address. If ever in doubt, delete the email.
- Never respond to an email with your personal or financial information. Government agencies will not request that information in an email.
- Don’t click on links in an email. Instead, navigate to the website to check for any relevant information.
- Avoid any email that insists that you act now. This technique attempts to create a sense of urgency and convince you to click on a link or provide information.
Scammers are defrauding consumers by claiming to sell products that are currently scarce, and in high demand, such as personal protective equipment and home goods, with no intent to deliver the product.
- Only purchase from reputable companies. If a deal appears to be too good to be true, or a seller has a large amount of something otherwise difficult to locate, beware.
- Review the sellers’ customer reviews if available to verify that prior customers have received the products, and they were satisfactory.
As more and more people are affected by COVID-19, the solicitation of donations will increase. Be aware of solicitations that request donations in cash, money wires, or gift cards – they are usually scams.
- Research any organization or crowdfunding sites before donating, and keep a record of that donation.
- Review the ‘How to donate wisely and avoid charity scams’ on the Federal Trade Commission (FTC) website.
Computer and mobile applications
Cybercriminals are exploiting users that are interested in tracking COVID-19. They display a map loaded from a legitimate source, and trick users into downloading a malicious app designed to steal sensitive information, such as the users’ credentials, and credit card numbers, sometimes selling them on the dark web.
- Only download applications from reputable sources.
- Keep your computer, mobile device, and anti-virus software up to date.
There have been reports of scammers using phone calls, text messages, and robocalls to offer bogus things such as free COVID-19 tests, miracle cures, preventative products, and medical insurance. Some callers are pretending to be health care providers or facilities that have treated someone you know for COVID-19 and demand payment for treatment.
- Do not reply to or click on any links within a text message from an unknown number.
- Scammers can easily spoof phone numbers. If the call or text seems out of character for the sender or asks for information or money, hang up or do not reply.
- Don’t press any buttons that claim to be responding as ‘no’ or claim to remove the number from a call list – instead, hang up.
Most people have heard about the $2.2 trillion stimulus bill that the federal government passed from the news and social media. The scammers have as well and are using multiple tactics to ask for personal and financial information. Taxpayers don’t have to sign up to get the money, and the federal government will not call, text, or email you requesting information.
- Do not share any personal or financial information with anyone claiming that it is required to receive the stimulus check.
- Report any calls, emails, or text messages received that claim to be about the stimulus checks to the FBI at www.ic3.gov.