Whenever a public crisis rears its ugly head, hackers and scammers are all too ready to rub their hands together and take advantage of the fear in the air. With the spread of the novel, it’s a good idea to be wary of new iterations of the same old malware and phishing attacks — especially if you’re spending more time . A recent release from the US Cybersecurity and Infrastructure Security Agency offers some solid advice on what to watch out for.
“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes,” CISA said in the release. “Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts or calls related to COVID-19.”
Here are three coronavirus-related online scams to avoid.
Here phishy, phishy
Unsolicited emails that prompt you to click on an attachment should always raise a red flag when you’re checking your inbox. But these classic email phishing scams still lure unsuspecting users into downloading malicious items and giving up their login information every day.
Among other steps to create a safer inbox, CISA recommends turning off your email client’s option to automatically download attachments. Not all email clients offer this and each client is different, but some do. Because social engineering attacks — scams designed to persuade you to hand over your sensitive information by targeting specific information about you — have become increasingly common in times of crisis, it’s also a good idea to read up on how to identify these security risks.
And remember, never reveal personal or financial information in an email, or respond to requests for it.
If you’re looking to track COVID-19 news with an app, it’s a good idea to keep an eye out for malware traps. Last week, a malicious Android app called CovidLock claimed to help users chart the spread of the virus. Instead, it led to a slew of Android phones being locked and held for ransom by hackers.
Meanwhile, Reason Labs recently discovered hackers were using coronavirus-tracking map sites to inject malware into people’s browsers. As reported by Market Watch this week, coronavirus-related website name registrations are 50% more likely to be from malicious actors.
As Android Authority points out, setting a password on your phone can help protect you from a lock-out attack if you’re using Android Nougat. It’s also a good idea to stick to the Google Play store for any coronavirus-related apps to better your odds of installing benign software.
During a disease outbreak or natural disaster, the better angels of our nature compel us to open our wallets to the less fortunate through charitable giving and donation. Before we follow that impulse, we need to take an extra few moments to make sure the charity isn’t a funnel into the bank account of a predatory impersonator.
Taking a few moments to review the Federal Trade Commission’s Charity Scams page could save you the heartbreak of an emptied checking account. You can also improve your odds by searching sites such as guidestar.org and give.org for the name of your charity before donating.
Random Facebook groups offering supposed home cures for COVID-19, long Twitter threads from self-appointed health experts and cleverly designed websites — there are dozens of ways misinformation can lure unsuspecting victims into a position of vulnerability. While it can be hard to sort the solid information from the scam-baiting, here are a couple of ways:
- By clicking the “about” section of a Facebook group, you can see whether that group has changed its name multiple times to reflect new national crises — a sure sign that the group is trawling for an audience rather than promoting reliable news.
- Keep an eye on official sources on Twitter, including the accounts of trusted news sites and their news reporters, and avoiding political operatives where possible.
- If a site claims to be an official government publication, check the URL to see if it ends in .gov.
For more tips on avoiding internet scams during the novel coronavirus pandemic, check out CISA’s official tipsheet.