Scammers and other criminals are always quick to take advantage of crises, and this latest – centered around the spread of the deadly Covid-19 coronavirus around the world – is no exception.
With the Western world conducting a considerable chunk of its day-to-day life online, with the help of computers, mobile phones and email, they are open to a variety of coronavirus-related cyber scams and schemes.
A rising threat
Aside from those who (legally) exploit the crisis by gouging the panicking public on the price of face masks, disinfectants, and similar items that are currently in big demand, there are fraudsters who ostensibly sell masks but never send the hugely overpriced items to those who have paid for them.
According to Reuters, victims in the United Kingdom have lost more than 800,000 pounds ($1 million) to coronavirus-linked scams since last month.
And then there are the phishers and malware peddlers: since the very beginning of Covid-19’s surge in Wuhan, they’ve been tricking users with fake email notifications and fake alerts impersonating local authorities, the US Centers for Disease Control and Prevention (CDC), and the World Health Organization (WHO) to deliver malware or to steal email credentials.
New twists and warnings
As predicted, more localized variants of these malicious emails have been spotted as the virus spread to other countries: malware peddlers are delivering Trickbot to Italian-speaking victims, Sophos researchers warn.
(In Italy, thieves have also been impersonating Red Cross workers via phone, targeting old people and trying to trick them into letting them inside their apartments, ostensibly to do a free test for the coronavirus).
The WHO has already warned about criminals posing as WHO representatives, delivering malware and asking for login information and donations.
The US Cybersecurity and Infrastructure Security Agency (CISA) is also counseling individuals to remain vigilant for scams related to Covid-19.
“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19,” the agency advised.
They also urge users to use trusted sources for up-to-date, fact-based information about the virus and its spread, and to verify a charity’s authenticity before making donations.
CISA has also published a document detailing risk management actions for executives to consider “to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus.”