March 24, 2020

COVID-19 Internet Scammers and Phishing

Criminals are opportunists, and as seen in the past, any major news event can become an opportunity for groups or individuals with malicious intentions. The Coronavirus is no different. In fact, the Coronavirus is a prime opportunity for enterprising criminals because it plays on one of the basic human conditions…fear. Fear can cause normally scrupulous individuals to let their guard down and fall victim to social engineering scams, phishing scams, non-delivery scams, and auction fraud scams.

Some of the potential scams to watch out for include:
Phishing: The fraudulent practice of sending emails disguised as coming from reputable companies in order to entice people to reveal personal information, such as passwords or credit card numbers.
Social Engineering:  The use of social media to seek donations for fake charitable causes.
Nondelivery Scams: Fake advertisements for in-demand medical supplies that can be used to prevent/protect against the coronavirus. The criminals will demand upfront payment or initial deposits then keep your money and never complete delivery of the ordered products.

The U.S. Secret Service Agency offers the following advice regarding the above scams:

  • Phishing Emails/Social Engineering — Avoid opening attachments and clicking on links within emails from senders you do not recognize. These attachments can contain malicious content, such as ransomware, that can infect your device and steal your information. Be leery of emails or phone calls requesting account information or requesting you to verify your account. Legitimate businesses will never call you or email you directly for this information.
  • Always independently verify any request for information that appears to come from a legitimate source.
  • Visit websites by typing in the domain name yourself. Receiving “certificate errors” can be a warning sign that something is not right with the website.

The Federal Bureau of Investigation and the World Health Organization say individuals are already using the coronavirus to impersonate WHO officials to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.

The World Health Organization will never:

  • Ask you to log in to view safety information.
  • Email attachments you didn’t ask for.
  • Ask you to visit a link outside of www.who.int.
  • Charge money to apply for a job, register for a conference or reserve a hotel.
  • Conduct lotteries or offer prizes, grants, certificates or funding through email.
  • Ask you to donate directly to emergency response plans or funding appeals.

The FBI is reminding you to always use good cyber hygiene and security measures. By remembering the following tips, you can protect yourself and help stop criminal activity:

  • Do not open attachments or click links within emails from senders you don’t recognize.
  • Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in .com” instead).