As the COVID-19 outbreak continues, scammers and hackers are taking advantage of the fear and confusion surrounding the current circumstances by posing as reputable news sources, or offering information. These malicious actors are using the stress and the urgency of the current situation to misappropriate personal information, download malware, and attempt to scam money from consumers. These criminals are the online version of “looters” seeking to take advantage of a societal crisis.
Many businesses have instructed their employees to work from home wherever possible. Being "home alone", dealing with the stress of the overall situation, and receiving a higher number of texts, calls, and emails, puts individuals at a higher risk of accidentally falling victim to a scam.
Below is a list of the common types of scams related to the COVID-19 situation, as well as some tips on what you can do to protect yourself.
The majority of these scams purport to offer some information on the virus—often a bogus cure, selling counterfeit products, providing an update on impacted individuals in your community, or providing further information on how to prevent its spread.
Last month, the World Health Organization (WHO) issued a communication warning that criminals pretending to be from the WHO were sending fake phishing emails. In these emails, recipients are asked to give sensitive information (such as usernames or passwords), click a link, or open an attachment. Similar phishing emails are being sent which purport to be from other government or official entities, such as the Centers for Disease Control and Prevention, the U.S. Food and Drug Administration, or the Canadian Red Cross.
The Winnipeg police sent out a notification on March 16 warning of a phishing email scam in which recipients were told that they were contaminated by the novel coronavirus and asking for credit card information for medication to be shipped. Similarly, police in Chatham-Kent, Ontario have warned of fraudulent phone calls from individuals pretending to be doing door-to-door testing for COVID-19 screening in order to gain personal information.
Malicious websites are also proliferating. One group of scammers went so far as to create a malicious "dupe" website, mirroring the legitimate map of COVID-19 cases provided by Johns Hopkins University. The "dupe" website looks like the Johns Hopkins map, but infects the user's computer with a malware that can exfiltrate sensitive information. This is not the only such website—Check Point Research estimates that domain name registrations containing the term "coronavirus" have also spiked, and are 50 percent more likely to be malicious than other domains.
INTERPOL is encouraging individuals to exercise caution when purchasing medical supplies online, as many criminals are either selling counterfeit product or creating fake online “shops”. When purchases are made, the credit card number and personal information of the purchaser is stolen, the money is received, and no product—or a counterfeit product—is received.
The Canadian Anti-Fraud Centre (CAFC) has announced that unauthorized or fraudulent charities are requesting money—either to support victims or to research COVID-19. The CAFC recommends verifying that a charity is registered before donating, and not being pressured into any donations. More information on avoiding charity scams is published by the RCMP.
Criminals are also taking advantage of individuals being at home and bored, with their guard down. We received the following text message, for example, while this article was being written!
Investment scams are also becoming common. On March 16, the Nova Scotia Securities Commission alerted investors to be wary after an investor received a call from a fraudster pretending to be from a major Canadian bank. The investor was told that their investment plan was collapsing, and they needed to put money into an account to save it.
Similarly, the Victoria Police have warned about fraudsters who are urging investment in "hot new stocks related to the disease", and the New York Times has cautioned about "dubious investments" being marketed to individuals interested in purchasing while the market is low.
The normal rules of cybersecurity continue to apply, because even though the messages may relate to COVID-19, the end goal of infecting your device with malware, stealing your personal information, or scamming your money is still the same.
The U.S. Cybersecurity and Infrastructure Security Agency and the CAFC recommend individuals take the following precautions:
Most importantly, if it seems too good to be true, it probably is. More information on avoiding scams and protecting yourself is available from the CAFC. If you have any questions about how you or your organization can respond to privacy or data security issues, please contact the Bennett Jones Privacy and Data Protection team.