Everyone around the world is in a panic about COVID-19. Cybercriminals are worsening the situation. They are taking advantage of coronavirus to exploit and play on the fears of people across the world. Government agencies have been receiving thousands of coronavirus related scam reports since the outbreak.
Cybercriminals are pivoting their online criminal methods and taking advantage of using phishing emails, SMS, and phone calls. Cybernetic Global Intelligence Researchers and Government agencies have also observed the use of various social engineering lures around COVID-19, such as urging users to click on links, to download files, attachments, or install applications.
To assist you we have Identified some of the global trending attacks:
- Phishing emails impersonating Government agencies:
Cybercriminals pretends to be from Government and health authorities. They target users with emails including malicious attachments and, URLs. Once opened, sensitive personal data, card details, OTP, and financial details can be transferred to cybercriminals.
Some examples are:
- Worryingly, impersonations of the World Health Organization (WHO), and the Australian Government My Gov website promising information on safety measures to avoid infection are among the many examples of current cybercrime exploiting the COVID 19 situation
- Phishing emails have also targeted financial institutions offering financial relief or loans to help people and businesses get through the lockdown.
In Australia, cybercriminals are pretending to be Government entities to help users with applications for financial assistance or payments for staying home. Actual Examples of Scams For you to be Aware
- Payment or financial assistance scams
- Banking themed SMS phishing campaign:
- Charity scams: Cybercriminals are impersonating as NGOs or fund-raising organizations urging users to donate funds.
- Healthcare scams:
Cybercriminals are also spreading misinformation about Corona Virus. People have been receiving text, messages on social media, and emails regarding Corona Virus statistics, products claiming to be a vaccine, or cures for Corona Virus.
Some examples are:
- Impersonating from health organizations or doctors, asking users to click on a link to find the latest information on symptoms, treatments, and safety measures.
- Impersonating known charities and offering free medical products (e.g., masks) and asking for a donation
- Online selling of COVID-19 vaccines or fake cures and demanding up-front payments.
- Scammers are also offering to sell scarce and much needed healthcare items such as sanitizers, masks, and testing kits again requesting upfront payments. Hackers are claiming the availability of these products online and demanding money upfront.
- Fake websites and malicious mobile apps:
Cybercriminals have uploaded malicious applications and lead consumers to install them on their devices. Many people have been caught by these applications. Through these malicious applications, Cyber Criminals are gaining remote access to consumers in order to steal personal and financial information. Once they have access to your devices, they successfully bypass second-factor authentication like OTP (which is received on your devices) to perform fraudulent transactions or to steal funds such as your Superannuation.
Some examples are:
- Cybercriminals have registered typo-squat on primary domain of websites that reference COVID or COVID-19
- Texts providing false guidelines on the global spread of Corona Virus and targeting geographical areas that have high rates of COVID19 spread and deaths.
- Asking users to click on the link to watch videos on how best to protect against coronavirus.
- Business email compromise
Almost every company on the globe have adopted working from home arrangements to sustain their business.
Cybercriminals are crafting emails pretending to come from your employer’s IT help desk or HR departments requesting the employees log into a new portal in order to access the latest company information. The link is redirected to a malicious website that collects usernames, passwords, and other employee information.
How to protect yourself from these scams:
- Be careful of emails claiming to be from experts saying that they have information about the coronavirus.
- Be careful of fake online shopping sites requesting unusual payment methods such as upfront payment via money order, wire transfer, international funds transfer, preloaded card, or electronic currency, like Bitcoin.
- Never provide personal information without verifying the request is from a legitimate source of online requests for personal information. A coronavirus-themed email that seeks personal information like your card details, personal information or login information is likely to be a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
- Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email. Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.
- Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
- Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
- Don’t let anyone pressure you to make quick decisions. Take your time and consider who you are dealing with. Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
- Always keep your computer security up to date with anti-virus and anti-spyware software, using a secured Firewall. Always purchase computers and anti-virus software from a reputable source.
- Never allow an unknown person who pretends to be from an authorized entity to take remote control of your device like desktop, laptop, mobiles
- Ensure all sites on which you are proving personal information, credit/debit card details are secured. If sites are secured, you will see site name begins with https:// (NOT http://). Always confirm the sign of a closed padlock next to it. The padlock should not have a red cross (X) on it and padlock should not be opened.
This website is secured as it begins with https:// and padlock is closed
This website is not safe as you will notice it begins with https://, the padlock has a red cross.