Scammers and cybercriminals are notorious opportunists. With more business being conducted virtually during the COVID-19 pandemic, it has presented many new ways for  them to strike. Recently, the Department of Homeland Security, World Health Organization (WHO), Federal Trade Commission (FTC), Securities and Exchange Commission (SEC) and the Better Business Bureau (BBB) have all issued warnings about the increase of COVID-19-related cyber-attacks.

As coronavirus news continues to evolve, there are many ways scammers can exploit the public’s fear in order to steal money and compromise businesses. To protect yourself and/or your business, be wary of websites for phony health care organizations, spoofed emails and emails that contain COVID-19 topics in their subject line.

Here are a few things to watch for:

Suspicious emails

Spoofed emails are difficult because the cybercriminal shows the sender’s email correctly.

• The email will often look like it is coming from your CEO, CFO, or another trusted source in your organization
• It usually asks for you to purchase and send out gift cards for them, or something similar
• If you receive one of these, call the alleged sender directly do not “respond” to the email

Additionally, be cautious of emails from unknown senders that contain COVID-19 content in their subject line. Some common suspicious email subject lines are listed below; however, any COVID-19 subject line could be a scam:

• 2020 Coronavirus Updates or Coronavirus Updates
• 2019-nCov: New confirmed cases in your City or Coronavirus outbreaks in your city (Emergency)

Before opening an email with a COVID-19 subject line, you should consider:

• Do you know the sender? Treat any COVID-19 emails from an unknown sender as suspicious
• Is the email unexpected?
• Hover over the senders’ name, and the full email address should appear. Look for insignificant misspelling: one “s” instead of two or a number used instead of a letter.

If you receive a suspicious email, never:

• Click on any links
• Provide any credentials or personal information

Instead, delete any suspicious emails right away. If you receive a possible phishing scam on a work email, alert your IT/Help Desk team as well.  

COVID-19 Websites

In addition to phishing emails, there has been a significant increase in website registrations related to COVID-19, which may be used to obtain user information or may spread malware. Often, these sites draw people in with claims of COVID-19 health solutions, including cures, remedies, vaccines, or testing kits. To determine if a website is fake, you should evaluate whether:

• The site has a secure connection (look for the padlock indication in your web browser).
• The site is offering item costs that seem too good to be true. In most cases, the low price is an easy way to obtain and steal credit card information from buyers.
• The site looks and sounds reputable. Often the content on fake websites is poorly written.

Social Media Scams

If you are on social media, be wary of fake news stories or fundraisers that may pop up as you scroll through your timeline. Unfortunately, fraudulent fundraising is frequent on social media platforms, as scammers use images and stories that play to your emotions. These scams can be difficult to spot because they may utilize legitimate platforms, including GoFundMe, so you should avoid making donations to any organization or person you are not familiar with.

Individuals Impersonating Government and Health Care Organizations

Hackers may also impersonate government or health care organizations to spread malware and obtain information, so you should be wary of any emails, text messages, or phone calls that claim to be from a government or health care organization. Scams may include fake warnings about infections in your area, vaccine or treatment information, and alerts about supply shortages. It can be challenging to identify these scams because they often closely match the logo and formatting used by the legitimate organization. One subtle clue of fraud is the use of a popular domain that is misspelled or includes “-security.” For example, a fake site may be listed as “cdc.gov-security”.

There is no shortage of ways in which scammers and hackers can use COVID-19 to try to launch a cyber-attack. It is essential to remain vigilant when receiving COVID-19 related communication. For additional technical guidance, now and during the road ahead, IDS members have access to expert IT support and cybersecurity solutions with special pricing through our trusted partner, Sunset Technologies.

To find out how Sunset Technologies can protect you and your practice, you can visit their website at www.sunsetsecure.com or email [email protected].

Leave a Reply