Taking advantage of current events is a common tactic that cybercriminals use to fuel their malicious activities. With the global pandemic of COVID-19 and an overwhelming desire for the most current information, it can be difficult for users to ensure they are clicking on reliable resources. So far, the MS-ISAC has seen malicious activity come through just about every channel: email, social media, text and phone messages, and misleading or malicious websites.
The range of current malicious activity attempting to exploit COVID-19 worldwide varies. A few common examples include:
- Fake tests or cures. Individuals and businesses have been selling or marketing fake “cures” or “test kits” for COVID-19. These cures and test kits are unreliable, at best, and the scammers are simply taking advantage of the current pandemic to re-label products intended for other purposes. For more information on fraudulent actors and tests, check out resources from the U.S. Food and Drug Administration (FDA).
- Illegitimate health organizations. Cyber criminals posing as affiliates to the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), doctor’s offices, and other health organizations will try to get you to click on a link, visit a website, open an attachment that is infected with malware, or share sensitive information. This malicious activity might originate as a notice that you have been infected, your COVID-19 test results came back, or as a news story about what is happening around the world.
- Malicious websites. Fake websites and applications that claim to share COVID-19 related information will actually install malware, steal your personal information, or cause other harm. In these instances, the websites and applications may claim to share news, testing results, or other resources. However, they are only seeking login credentials, bank account information, or a means to infect your devices with malware.
- Fraudulent charities. There has been an uptick in websites seeking donations for illegitimate or non-existent charitable organizations. Fake charity and donation websites will try to take advantage of one’s good will. Instead of donating the money to a good cause, these fake charities keep it for themselves.
Exercise extreme caution in handling any email with COVID-19-related subject lines, attachments, or hyperlinks in emails, online apps, and web searches, especially unsolicited ones. Additionally, be wary of social media posts, text messages, or phone calls with similar messages.
Be vigilant, as cyber actors are very likely to adapt and evolve to the nation’s situation and continue to use new methods to exploit COVID-19 worldwide. By taking the four precautions below, you can better protect yourself from these threats:
- Avoid clicking on links and attachments in unsolicited or unusual emails, text messages, and social media posts.
- Only utilize trusted sources, such as government websites, for accurate and fact-based information pertaining to the pandemic situation.
- Federal Emergency Management Agency (FEMA) recommends only visiting trusted sources for information such as coronavirus.gov, or your state and local government’s official websites (and associated social media accounts) for instructions and information specific to your community.
- NEVER give out your personal information, including banking information, Social Security Number, or other personally identifiable information over the phone or email.
- Always verify a charity’s authenticity before making donations. For assistance with verification, utilize the Federal Trade Commission’s (FTC) page on Charity Scams.