The world is continuously striving to adapt to unusual times. The pandemic has hit us in ways no one could have imagined. And how have we fought back? Social distancing is the new order of the day. Facemask is now a regular part of our outfits. We are finding more important technology applications - for work, communication with friends and family, and other personal uses. In all of these, the watchword is "safety." But as much as we prioritize physical safety, we must not relax as regards online safety. Now, more than ever, scammers are maximizing these strange terrains to unleash terror on unsuspecting individuals.
For some context, the recently-published Federal Trade Commission Report showed a disturbing increase in the rate of online fraud over the past few months. The report, which covered activities between January and April 2020, showed that Americans had lost $13.44 million to fraud. There were over 18,000 COVID-19-related scam reports from both individuals and corporate bodies across the country. These statistics point to a simple fact - cybercriminals are on the run to exploit people as much as possible during these times, using the COVID-19 pandemic as a lure.
Are you worried? Don't be; help is here! We have carefully prepared this post to help you navigate these tricky times. We have highlighted the most common scams amid the COVID-19 pandemic. For each type of fraud discussed, we identified the signs and how to avoid them. You deserve to be as safe online as you are offline.
So, without wasting time, let's get to it!
Fake and Phishing websites
The first on the list of online pandemic scams is the increasing number of fake and phishing websites springing up by the day. Internet users are terrified of doing the barest minimum, like buying a facemask online. These cybercriminals know that more people have trusted the internet as their go-to solution for issues. And for this simple reason, they have continued to come up with thousands of fake and phishing websites.
According to the Justice Department, it has shut down several bogus websites, especially those with pandemic-related terms like "covid19," "coronavirus," or "COVID" in their domain names. The same goes for websites with promises to give people vaccines, relief packages, or stimulus arrangements. These websites tend to mimic real government sites with the same pandemic-related information. Other times, they harbor malicious ads that scrape the personal information of unsuspecting users.
Some of these websites may disguise facemask and cleaning supplies' sales and supply. However, in reality, the aim is to illegally get the personal and credit card information of prospective buyers for the wrong reasons.
What can you do?
In the case of fake or phishing websites, ensure that you:
-
Doublecheck the website's URL - the domain should either be .org or .com. Avoid official websites ending in com.co, .co, or .ma. they are most likely fake.
-
Install an ad-blocker on your internet browser - so that these malicious ads do not load or access your personal information. There are solid adblockers for internet browsers on desktop and phones.
Scam Calls
Robocallers are not as dumb as they sound. They do not just call their victims out of the blue. A lot of effort goes into planning to ensure they seem convincing enough to their victims. You will be surprised at how resourceful and productive they are. Using their resources, they already know how to adapt to your response. Most of these scam calls come from spoofed phone numbers.
They go as far as using digits belonging to government agencies and banks. Other times, they maliciously extract relevant information from your bank. All these are in a bid to identify and exploit any crack in the system. According to NextCaller, there has been a 50% increase in high-risk calls to financial institutions over the last six months, with some banks getting over 5,000 more high-risk calls hourly.
What can you do?
-
Once you suspect a call to be malicious, hang up, and return the call. For instance, if you get a call from your bank reporting a fraud alert, hang up and call back the customer service number on your credit card for confirmation.
-
Do not add businesses to your address book. For instance, do not save your bank's support number in your address book with the bank name as the label. A simple spoofing may allow scammers to disguise their calls as coming from the bank.
Mobile Malware
A lot is happening about the pandemic. Most people seek more accessible ways of keeping up with these vast developments. Therefore, they resort to using a COVID-19 news app. For instance, CovidLock came to light in March, disguised as an app designed to chart the virus's spread. However, its real intention is to lock and hold Android phones and their owners to ransom. CovidLock is just one of over ten malicious apps uncovered by researchers for the same purposes.
Hackers want to present these apps as legitimate, safe coronavirus-related apps. Once they gain the users' trust, they leverage this and their tools to scrape sensitive data and amass fraudulent revenues via freemium services. There are also coronavirus-tracking map sites that can infect users' browsers with malware.
What should you do?
-
Get your coronavirus-related apps from trusted sources like Google Play Store or other official app stores.
-
Set up a strong password on your phone to prevent a lock-out attack, especially for Android Nougat users.
Phishing Email and Text Messages
Phishing is not entirely new; impersonating someone else just to get the personal information of another individual has been around for decades. The only explanation for its long-term relevance is that it works. Phishing - as related to the pandemic scams - revolve around scammers sending text messages and emails in disguise. They may come as the World Health Organization, the Internal Revenue Service, the Centers for Disease Control and Prevention, and other top government agencies.
They lure people by promising them easy access to government-sponsored financial assistance. However, that is not all; they embed malicious links in the message body. These links lead to websites asking people to submit their personal information or tricking you into downloading files with malware.
What can you do?
-
Doublecheck the sender of any email. The email address will most likely appear legitimate at first look. But a closer look will reveal a discrepancy - for instance, one or two unusual characters. In the case of phone numbers, the sending number is usually more than ten digits.
-
Double-check hyperlinks without clicking on them. A quick hovering over a link with your mouse will show you a preview of the page. Once you find the link(s) suspicious, mark the email as spam and delete it immediately. Do not click on included links or respond to text messages from unknown senders.
Charity Checkouts
Charity becomes even more popular during natural disasters or a disease outbreak, as it is during the current times. People lend helping hands to the less fortunate by opening online wallets on their behalf to receive donations from well-meaning individuals. Unfortunately, the rotten eggs in society are taking advantage of this noble intention.
Scammers have launched hundreds of fake charity campaigns in recent months. Our advice is that you take a closer look at any charity link or campaign. They might just be funnels, which siphon funds into the bank account of an impersonator fronting as a helper.
What can you do?
-
For starters, take a look at the Charity Scams page of the FTC. The page contains the list of every charity scam uncovered. Other websites like give.org and guidestar.org offer a comprehensive list of almost all legitimate charities.
-
You should check for the name of the charity you want to donate to before parting with your hard-earned money.
Legitimate Sources
Interestingly, even the sources that appear legal can be misleading sometimes. For instance, we have seen several random Facebook groups where a supposed admin lures people into trying specific home cures for COVID-19. What about long Twitter threads authored by acclaimed health experts to lure people into visiting websites where they can supposedly find fast help for COVID-19. These and other ways are what scammers use to trick innocent people into a position of vulnerability. Ultimately, it becomes difficult to distinguish legitimate information from the scam-bating.
What can you do?
Not to worry, here is what you can do to avoid these dangerous situations:
-
Every official government website or publication must end in .gov. If this is not the case, avoid such a site and every claim that comes from it.
-
Monitor the official sources on Twitter. Only stick to trusted news sites and reporters. Political operatives are not the ideal information sources; avoid them.
-
Before you believe any offer or information from a Facebook group, look at its "about" section. Here you can see how often the group has changed its name and for what reasons. A malicious group focused on amassing the audience would change names many times without providing any reliable news.
Your home (your new remote workplace)
The pandemic has forced millions of office workers to work from home. The hackers are also aware of this. Hence, they bombard your home networks with tons of attacks. Other times, the target is the personal email accounts of unsuspecting remote workers. You cannot stop them from sending these attacks, but you can build a safe wall around your data.
What can you do?
-
Do not combine work/business tech with personal tech. You may become so relaxed working from home that you start finding your gadgets and tools more comfortable than the offices. However, you must resist this urge! Do not use your email addresses, texting apps, or computers for official tasks. Why? The security in your gadgets may not be as strong as your company's security.
-
Monitor your network security closely. You cannot afford to leave your WiFi routers outdated. Always run the latest firmware and software version. Install security updates as soon as they arrive. Do not leave anything to chance. For routers that have been running for over seven years, the security updates might become sparing or non-existent. In this case, get a newer, more modern WiFi system. Google WiFi and Eero from Amazon offer regular automatic security updates.
Again, always use company-provided tools for all office-related tasks. If what you have is not adequate for the job, reach out to your IT department for an upgrade.
General Tips to Avoid Online Scams During Pandemic
How about we discuss a few general protective measures to keep you safe from the malicious activities of scammers and hackers?
-
Verify special offers related to COVID-19 posted on social media or sent to your emails. Do not open links or attachments from strangers.
-
Avoid any offer or package that sounds "too good to be true." Verify the legitimacy of any offer by doing thorough research on your own.
-
Never share your personal or financial information like credit card numbers and social security details to doubtful sources or media.
-
Offers that come with any form of "urgency" or "deadline" are more likely scams than legitimate offers.
-
Doublecheck links and website domains for spelling and grammatical errors. The same applies to messages and emails.
-
No online offer for COVID-19 vaccines or cures is real - at least for now.
-
There are no free government-ordered COVID-19 tests anywhere. If there is an advert in that regard, check the relevant government agencies to verify the claims.
-
Do not click links or download attachments from unknown emails.
-
Do not give in to offers from strangers to invest in a trending new coronavirus stock.
Final Thoughts
Safety is never too much. The hackers and scammers never rest - neither should you. It may be overwhelming at first. But we are confident that the information provided in this post will help you get started and keep you safe and secure from online scams during these pandemics and beyond.
Stay safe, both offline and online.