The world is confronting a severe global health crisis and authorities are working hard to restore normality as quickly as possible. While millions of citizens are staying at home to stop the spread of the Coronavirus, cybercriminals are using the global panic to their advantage.
Scammers are using social engineering techniques to prey on disrupted individuals. By targeting the already alarmed population, threat actors aim to spread misinformation, steal personal information, illegally obtain financial capital, and distribute malware. Usually, these scams involve sending fake medical advice, the promotion of non-existent medicines or vaccines that could cure infected persons, or seeking donations for fake charities. Also, there have been a number of scams relating to a coronavirus map app that delivers malware to devices if downloaded.
Cybercriminals also appear to be focused on targeting victims based on their geographic location, showing particular interest in the most affected countries, with emails written in English, Italian, French and Japanese.
Threat actors are impersonating various companies, especially those in industries massively affected by the virus including healthcare, travel, transport, manufacturing, hospitality, and insurance. Our threat intelligence team has also noticed a huge spike in the number of phishing emails posing as official healthcare institutions, such as the World Health Organisation (WHO) or the Centers for Disease Control and Prevention (CDC).
Common COVID-19 scams
Security experts have discovered a set of domains that are likely to be delivering phishing emails:
A majority of emails pose as the World Health Organisation; the organisation's official email domain is @who.int therefore any email ending in anything other than 'who.int' is likely a threat actor committing fraudulent activities.
Generally, scams take these forms:
- Calls impersonating medical officials
- Calls asking for family members who have fallen ill
- Emails impersonating official healthcare institutions
- Emails asking for donations for fake charities
- Emails including malicious links or attachments
- Emails asking for sensitive information
This scam is impersonating the World Health Organisation (WHO) urging victims to open the document attached to find out supposedly essential information to prevent the spread of infection. However, cyber security experts claim that the attachment usually installs malicious software onto the computer and it is able to monitor the online activity of victims. Hints that this is a scam include:
- The sender email address looks suspicious and does not comply with WHO’s official email domain structure.
- Coronavirus is spelt differently three times in the same email.
- The general sentence structure is inconsistent and the email has an unofficial tone.
This scam email is impersonating the UK government and encourages users to click on a fake web page to input their financial information. GOV.UK will NEVER email you with information pertaining to a tax rebate. Information offering rebates as a result of coronavirus are not real.
Sales scams to be wary of
- Beware of websites selling essential supplies for quarantine. Some sites have reportedly processed payments, but never deliver the products. As stores are struggling to cope with the huge demand for essentials, many scammers are taking advantage of desperate customers that want to purchase things they can no longer find in local supermarkets. Items like face masks, hand sanitizer, and gloves are the most likely to be among the products fraudsters choose to advertise. Find out how to spot a malicious website here.
- Fake health adverts promoting cures for coronavirus such as teas, essential oil or other drugs, have been seen on different platforms including social media pages. Avoid websites claiming they sell virus cures and only rely on official government sources and licensed sellers. You can also report fake announcements on social media platforms.
How to reduce your online risks
- It is worth taking extra precautions with coronavirus and COVID-19 related emails - do not open attachments, click on links or provide any personal information. Official WHO links will always start with: ‘https://www.who.int’.
- Do not reveal sensitive information such as login details or card numbers to unsolicited messages or calls. Instead, request their name and contact number and make an independent check with the organisation.
- Be careful of fake online shopping sites requesting unusual payment methods such as upfront payment via money order, wire transfer, international fund transfer, preloaded card or electronic currency such as Bitcoin.
- Threat actors often try to instill a sense of urgency in victims so they do not have enough time to assess the situation. If you would like to make any donations, you should always check the legitimacy of the charity or crowdfunding site before sending any amount of money. In regards to the Coronavirus outbreak, the only call for donations WHO has issued is the COVID-19 Solidarity Response Fund. Any other appeal for funding or donations that appears to be from WHO is a scam.
- It is recommended that you research the names and the exact wording of the email to check any reference to scams reported online - many scams can be identified in this way.
- Always keep your computer security up to date with anti-virus and anti-spam software, and a good firewall.
- For the most up-to-date information, it is recommended that you directly search the official websites of the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
Worried you have been scammed?
- If you think you provided any bank account details, call your bank immediately and they can take you through appropriate steps to secure your money.
- If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on every site you have used them.
- If you received an email regarding COVID-19 and feel unsure as to whether it is a phishing campaign, you can verify if communications are legitimate by contacting the World Health Organisation directly at Contact WHO.
If you are currently working remotely and want to protect yourself online, DynaRisk is currently offering free access to our platform for 30 days. Our tool goes one step further than antivirus and monitors your data online, teaches you ways to improve your online behaviours and gives you access to our support team. Find out how to sign up here.