Winston Churchill supposedly once said, “Never let a good crisis go to waste.” Cybercriminals have taken this to heart with a number of scams during the COVID-19 pandemic.

These scams come in a variety of forms and use social engineering to trick people into performing an action that is not in their best interest. Common types of social engineering attacks include:

  • Phishing: a general term for social engineering over messages; most people associate it with email.
  • Vishing (voice phishing): a phishing attack using the telephone, such as telemarketing scams.
  • Smishing (SMS phishing): uses text messaging as a means of attack. This method is increasingly common, as malicious links in text messages have proven to be an easy means of attack.
  • Social media: scammers use messaging apps, fake quizzes, or apps on social media to steal personal data.

COVID-19 Test Kit

Source: https://twitter.com/MsftSecIntel/status/1251181180281450498/photo/1

The best way to determine if you have been infected with COVID-19 is to take a COVID-19 test; however, testing is not widely available. Cybercriminals have taken advantage of people’s desire for testing: phishing emails, text messages, and even in-person visits from people claiming to be from the CDC all promise access to free COVID-19 testing.

COVID-19 Vaccine

Source: https://www.bbc.com/news/technology-51838468

Fake vaccine offers are one of the most common and damaging kinds of COVID-19 scams. Unfortunately, according to experts, a vaccine is unlikely to be available for a year or more. This, however, has not stopped scammers from trying to sell one to people today.

Fake Notices from Health Authorities

Source: https://www.bbc.com/news/technology-51838468

In a climate of uncertainty and fear—like that generated by COVID-19—information from trusted authorities is essential. Organizations like the Centers for Disease Control (CDC) and the World Health Organization (WHO) offer a wealth of information on how people can protect themselves. Many scammers have chosen to nefariously “amplify” this information, using emails purporting to be from these and similar organizations which contain links to phishing sites or carry malicious attachments.

Hard-To-Find Supplies

Source: https://messagemedia.com/us/blog/3-covid-19-coronavirus-sms-scams-to-look-out-for/

At the beginning of the COVID-19 pandemic, toilet paper and cleaning supplies were extremely scarce. While many of the shortages have somewhat eased, masks, hand sanitizer, and other supplies remain in short supply. Phishers have used these shortages to their advantage, creating messages that offer free or deeply discounted supplies in an attempt to steal personal data or infect computers with malware.

Infection With COVID-19

Many organizations and governments are working to develop COVID-19 tracing applications. Such applications would notify potentially infected people to seek testing or self-quarantine before they infect others. Cybercriminals have taken advantage of these efforts by sending out text messages informing people that they may be infected. These messages include a link for more information, which directs the recipient to a malicious site.

Quarantine Violations

Source: https://securityboulevard.com/2020/04/cyber-security-roundup-for-april-2020/

Different jurisdictions have implemented varying levels of quarantine during COVID-19. In some places, people are advised to limit their movements, while in others, leaving quarantine is illegal and could result in fines or other penalties. Scammers have used this as an opportunity to send text messages informing people that they have broken quarantine and have subsequently been fined. Links included in these phishing messages lead to malicious sites, rather than the legitimate government site they claim to originate from.
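
Both the fake health-authority notices and the quarantine-fine texts above depend on a link that does not lead to the organization named in the message. The following is an added example, not part of the original article, of how a mail or SMS filter could check that; the domain table, function names, and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains of the two organizations the article names.
OFFICIAL_DOMAINS = {"CDC": "cdc.gov", "WHO": "who.int"}
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def suspicious_links(claimed_org, message):
    """Return (url, reason) for each link that does not lead to the claimed organization."""
    domain = OFFICIAL_DOMAINS[claimed_org]
    findings = []
    for url in URL_RE.findall(message):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        # hostname is the part after any "user@" prefix, i.e. where the client really connects
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
        if belongs_to(host, domain):
            continue
        if domain in host:
            reason = "official name embedded in a different domain"
        elif "xn--" in host:
            reason = "punycode host (possible lookalike characters)"
        elif re.fullmatch(r"[0-9.]+", host):
            reason = "raw IP address"
        else:
            reason = "host is not the claimed organization's domain"
        findings.append((url, reason))
    return findings

# Constructed sample message for the example; hosts use reserved test names and addresses.
SAMPLE = (
    "CDC alert: read the guidance at https://www.cdc.gov/coronavirus/ "
    "and claim your free test kit at http://cdc.gov.free-kits.example/apply. "
    "Update your record: https://cdc.gov@198.51.100.7/login"
)

if __name__ == "__main__":
    for url, reason in suspicious_links("CDC", SAMPLE):
        print(f"{url}: {reason}")
```

The comparison is made on the parsed hostname rather than on the visible text of the link, because the organization's name can appear anywhere in a URL without the link leading to its site.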

Social Engineering on Social Media

Source: https://www.newsbreak.com/massachusetts/newbury/news/0Okflv2M/stop-giving-people-your-personal-info-police-warn-against-taking-online-quizzes

As people practice social distancing, they increasingly use social media. This has led to a rise in online quizzes found across various social media sites. While these quizzes may appear to be harmless fun, in reality, they can be very dangerous. Very often, the information users provide to these quizzes is the same data they use to answer security questions connected to their personal accounts.

Stimulus Checks

Source: https://blog.knowbe4.com/theyre-here-covid-19-stimulus-check-phishes-finally-arrive

The economic impact of the COVID-19 pandemic has led to a large stimulus package, with many U.S. citizens receiving payouts in the form of electronic checks. These checks are deposited into the same accounts that were used to pay their state and federal taxes. Scammers are attempting to steal financial information by masquerading as banking institutions.

Staying Safe During the Pandemic

Scams and phishing emails are a part of daily life, but during a crisis they grow in volume and effectiveness. People are more likely to fall prey to a phishing attack during a time of uncertainty when emotions are high, like the COVID-19 pandemic. It’s important to exercise extra caution when interacting with unusual emails, texts, phone calls, and social media messages. Remember, if it seems too good to be true, it probably is.
