COVID-19
Phishing and Scams on the rise
In these very special times, some criminals take advantage of the situation to try to cheat on us.
The current pandemic is everyone’s main concern, and it is perfectly understandable. In these very special times, some criminals take advantage of the situation to try to cheat on us.
The FBI, the Secret Service, and the World Health Organization have all recently issued warnings.
Since January 2020, based on Check Point Threat Intelligence, there have been over 4,000 coronavirus-related domains registered globally. Out of these websites, 3% were found to be malicious and an additional 5% are suspicious. Coronavirus- related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day.
In addition, a widespread targeted coronavirus themed phishing campaign was recently spotted targeting Italian organizations, hitting over 10% of all organizations in Italy with the aim of exploiting concerns over the growing cluster of infections in the country.
Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.
Like any official organization, the World Health Organization will:
- never ask for your username or password to access safety information
- never email attachments you did not ask for
- never ask you to visit a link outside of www.who.int
- never charge money to apply for a job, register for a conference, or reserve a hotel
- never conduct lotteries or offer prizes, grants, certificates or funding through email.
- The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund. Any other appeal for funding or donations that appears to be from WHO is a scam.
Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams.
Suspicious topics
- Any message suggesting the availability of a vaccine or any kind of product supposed to cure is by definition very suspicious.
- Claims to be from a charitable organization is also a common trick used by criminals
- Mails from company HR departments prompting the receiver to reveal log-in credential must also be handled very carefully.
- Some emails distribute malware. In one version, discovered by KnowBe4 researchers, the author asks for help finding a “cure” for coronavirus, urging people to download software onto their computers to assist in the effort.
How to Avoid Getting Scammed
Think before you click. Howes says the best thing consumers can do to protect themselves is just slow down. If something does not seem right about an email, just delete it—ideally before opening it. You are better off not taking the risk.
Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. A “.ru” at the end of the link, for example, means the site was created in Russia; “.br” means Brazil.
Misspellings in URLs are another good tip-off to a fake website. If the URL says corronaviruss.com, it’s best to avoid it. Also, if you get an email advertising a great deal on masks or hand sanitizer at a major retailer, open a window in your browser, search for the retailer’s web address, and compare it with the one in your email.
Do not assume that a website is legitimate just because its URL starts with “https.” Criminals like to use encryption, too.
Don’t open attachments. They may contain malware. Never type confidential information into a form attached to an email. The sender can potentially track the info you enter.
Guard your financial information. Be wary of emails asking for account numbers, credit card numbers, wire transfers, and failed transactions. There is no reason to share such info.
Turn on auto-updates. This goes for your computer, smartphone, and tablets. Up-to-date antivirus software goes a long way toward stopping malware.
Use security tools. Install an antivirus program on your device and keep it up to date. You can also use a website reputation rating tool, which comes in the form of a browser plugin, to warn you if you try to go to potentially dangerous websites.
In addition, Europol has released a graphic list of precious advises:
