Can a human virus lead to a computer virus?
Yes — if you fall victim to a fresh crop of cyberattacks and scams that exploit concerns over the coronavirus outbreak.
One such attack arrives in the form of an email message from what appears to be the World Health Organization (WHO), suggesting you read an attachment with official information on how to protect yourself during the pandemic.
Clicking the file from this impersonator, however, downloads malware (malicious software) to your computer that gives cybercriminals access to data captured from your keystrokes.
Other coronavirus-related malware is said to contain ransomware that locks computer files until the victim pays the bad guys to release them.
Another increasingly prevalent coronavirus-related risk is phishing scams, where a text message or email tries to lure you to a phony WHO website or other legitimate-looking site that asks you to log in to view safety information provided by UN officials or doctors from the Centers for Disease Control and Prevention.
It’s phony, of course, which could lead to identity theft if you input the information requested.
Another scam looks like it’s from Amazon and asks you to sign in to your account to get a free bottle of hand sanitizer with your next purchase over $20.
Sigh. Yes, it’s a fake.
“Specific phishing scams emerge every time something major happens in the world,” cautions Alexis Dorais-Joncas, Security Intelligence Team Lead at ESET, a global cybersecurity company with offices in Montreal and Toronto. “Unfortunately, they work all too well, as humans are attracted to breaking or shocking news and are easy prey.”
The content of an email may be even more convincing when it looks like it’s coming from a friend, family member, or colleague.
“Phishing messages commonly manipulate the sender field to look like the message is originating from an individual that is known to the recipient,” said Evan Koronewski, of the Communications Security Establishment, which houses the Canadian Centre for Cyber Security, responsible for the national Get Cyber Safe campaign (GetCyberSafe.ca).
“Malicious cyber actors are very adept at creating messages that look official, often referring to subject matter that is current or personal to the recipient,” maintains Koronewski, based in Ottawa.
Dorais-Joncas said ESET has also seen financial scams tied to COVID-19 fears.
“This is where fake or bad quality products are being advertised at very high prices, such as masks or disinfectant,” Dorais-Joncas said.
Amazon has removed over a million products from its marketplace from those who either priced the items unfairly or made false claims, he said.
So, what to do?
You don’t need a degree in computer science to reduce the odds of falling victim to a cyberattack or phishing scam — tied to coronavirus, or otherwise.
A few suggestions for you and your loved ones:
— Always independently verify that any requested information originates from a legitimate source. Never open an attachment or click on a link from senders you don’t recognize. Even if you think you know the sender, if it seems odd they’d send you information like this, contact them (in another way) to confirm it’s the real deal.
— If you get an email, text or phone call that asks you to urgently confirm your personal or financial information, it’s fake. The CRA or your bank will never ask for sensitive information in this way. When in doubt, call the organization to ask if it was them (chances are, it won’t be).
— Get Cyber Safe is a national public awareness campaign created to inform Canadians about cyber security and the simple steps they can take to protect themselves online, including how to recognize phishing campaigns. The URL is GetCyberSafe.ca, or follow @GetCyberSafe on social media for a range of cybersecurity tips.
— Forward all suspicious emails to the RCMP at antifraudcentre-centreantifraude.ca, or call 1-888-495-8501.
— Create long and complicated passwords (or passphrases), don’t use the same ones for all your online activity, and change them every month or two.
— Install good cybersecurity software on all your devices and ensure it’s set to auto-update, in order to protect you from the latest malware and other threats. ESET, for example, also works with Android devices to scan app downloads and flag suspicious websites.
— Don’t use free public Wi-Fi as you’re more at risk compared to browsing on a secure private network. Remain anonymous online by using a VPN (Virtual Private Network).
— Stick with reputable retailers when giving out your credit card info and look for indicators that the site is secure, such as a little lock icon on the browser’s status bar or a URL for a website that begins with “https” (the “s” stands for “secure”).
— Marc Saltzman is a Toronto-based technology journalist, author, broadcaster and public speaker.