<img src="//bat.bing.com/action/0?ti=5163419&amp;Ver=2" height="0" width="0" style="display:none; visibility: hidden;">

Nextech Blog

Avoiding COVID-19 Cybersecurity Threats

Posted On 03/25/2020 by Ken Gehrke

security-1In the recent weeks of the COVID-19 public health emergency, public scam alerts have been issued by both the Department of Homeland Security and the Secret Service warning of a surge in criminal activity related to the outbreak. As often happens during times of crisis, bad actors are taking advantage and running various criminal schemes from increased phishing attacks to fake websites and retail fraud. In fact, these schemes have become so rampant that federal law enforcement recently formed a joint Coronavirus Fraud Task Force in conjunction with Virginia state law enforcement.

In order to keep our readers informed and protected, this blog will discuss some of the most common schemes being conducted during the COVID-19 outbreak as well as provide tips on how to avoid being victimized by them.

Fake Websites

Our daily threat watch during the early days of this outbreak witnessed a sudden surge of fake scam and malware COVID-19 websites beginning to pop up. Thousands of new COVID-19-related sites were being registered every single day and the vast majority of them were not for legit purposes. One such site, for example, was a spoof of the popular Johns Hopkins University Live COVID-19 Map. Visitors would see a cloned version of the map that was very convincing. However, once any element on the page was clicked, the site delivered malware to the victim's computer.

The best way to protect yourself against these fake websites is to make sure you are double-checking the URLs of any linked websites before you click to open them. If the URL does not come from an easily identifiable website or recognizable source, do not click on it. A simple browser search can help you find official websites for information and is a much safer method for finding resources than simply clicking on shared links on social media (in fact, you might want to avoid social media altogether when it comes to staying informed).

Fake Vaccine or Cure Emails

These “fake vaccine or cure” emails fall under the category of phishing emails. There are two main types of these phishing-style COVID-19 emails that have been showing up in people’s inboxes since the start of the outbreak. The first email type is probably the most dangerous and effective, as it presents as an email from someone who claims to be a representative of either the CDC or WHO, and then goes on to explain that they are part of the team seeking a cure or vaccine. There is giveaway for this email since, of course, they will at some point ask you to “take a survey” or “provide information.” Needless to say, you should not do so. Simply delete the email.

The second type of email is a bit easier to identify and avoid. These are the “fake cure” emails that claim they have “the cure to COVID-19 that the government is hiding from you.” Obviously, these are targeted at people who are more prone to believe conspiracy theories. These emails, along with anyone who claims to have a “secret cure,” are completely bogus. If you go straight to the source, the FDA, who are the very people that would have to approve any such cures, they have clearly stated “there are currently no vaccines or drugs approved to treat or prevent COVID-19.” Again, just delete the email.

“Dodgy Donations”

These kinds of emails are always around when there is a crisis or natural disaster, though in the past they have been more common during hurricanes. They are sent with a heartfelt message, sometimes even with a video, explaining how they need your donations to help those affected by the current crisis. However, what they really plan to do is keep your money for themselves… or worse, deliver malware to your computer and/or steal your payment information to clear out your bank account.

Stay safe by only sending donations to familiar organizations and doing so from their official websites as opposed to clicking on an email link that would potentially take you to a spoofed site.

Retail Fraud

You can mostly blame panic buying for this one. Like when non-medical people started buying up facemasks and panicked resource hoarders began clearing shelves of all the hand sanitizer and toilet paper. The result has been a shortage on a number of basic items. Enter the phishers, who are sending out retail fraud or “supply scam” emails that claim they have plenty of these scarce items in stock and are willing to sell them exclusively to you. All you have to do is click on the link and fill out an order form, and these folks will ship them right to you. Again, do not fall for it. They are only going to steal your payment information. Everyone, and I do mean everyone, is suffering a shortage of supplies right now. Medical masks, it appears, will be scarce for quite some time. The same goes for medical gloves and ventilators. There is one tiny silver lining, however, which is that the “Great Toilet Paper Scare” should be coming to an end soon. Producers have ramped up production to maximum output in response to the sudden surge in demand, so there is hope that the empty toilet paper shelves will soon be a thing of the past.

Be Smart. Remain Calm. Stay Safe.

During this period where many of us are stuck indoors, readers might use this as an opportunity to brush up on their security skills. For more articles and resources, check out our blog’s library of security articles. No time like the present to improve your knowledge.

One last thing. Always remember that the best way to protect yourself is to always think before you click. Verify URLs before you visit an unfamiliar website, no matter what it claims to be. Get your information from valid news outlets and governmental resources (not social media). Lastly, don’t let desperation lead you to fall victim to false offers that seem too good to be true (because they definitely are not true).

To put it simply… Be smart. Remain calm. Stay safe.

Topics Security, cybersecurity, COVID-19

Ken Gehrke

Nextech's Senior Director, Security