Scammers and other criminals are always quick to take advantage of crises,
and this latest centered around the spread of the deadly COVID-19 coronavirus
around the world is no exception.
With the Western world conducting a considerable chunk of its day-to-day life online,
with the help of computers, mobile phones and email, they are open to a variety
of coronavirus-related cyber scams and schemes.
Aside from those who (legally) exploit the crisis by gouging the panicking public
on the price of face masks, disinfectants, and similar items that are currently in big demand,
there are fraudsters who ostensibly sell masks but never send the hugely
overpriced items to those who have paid for them.
According to Reuters, victims in the United Kingdom have lost more than
800,000 pounds ($1 million) to coronavirus-linked scams since last month.
And then there are the phishers and malware peddlers: since the very beginning
of COVID-19’s surge in Wuhan, they’ve been tricking users with fake email notifications
and fake alerts impersonating local authorities, the US Centers for Disease Control and
Prevention (CDC), and the World Health Organization (WHO) to deliver malware
or to steal email credentials.
As predicted, more localized variants of these malicious emails have been
spotted as the virus spread to other countries: malware peddlers are delivering
Trickbot to Italian-speaking victims, Sophos researchers warn.
(In Italy, thieves have also been impersonating Red Cross workers via phone,
targeting old people and trying to trick them into letting them inside their apartments,
ostensibly to do a free test for the coronavirus).
The WHO has already warned about criminals posing as WHO representatives,
delivering malware and asking for login information and donations.
The US Cybersecurity and Infrastructure Security Agency (CISA) is also
counselling individuals to remain vigilant for scams related to COVID-19.
“Cyber actors may send emails with malicious attachments or links to fraudulent
websites to trick victims into revealing sensitive information or donating to fraudulent
charities or causes. Exercise caution in handling any email with a COVID-19-related
subject line, attachment, or hyperlink, and be wary of social media pleas, texts,
or calls related to COVID-19,” the agency advised.
They also urge users to use trusted sources for up-to-date, fact-based information
about the virus and its spread, and to verify a charity’s authenticity before making donations.
CISA has also published a document detailing risk management actions for
executives to consider “to help them think through physical, supply chain,
and cybersecurity issues that may arise from the spread of Novel Coronavirus.”