Coronavirus Scam Alert
As worries about the novel coronavirus and COVID-19 mount, cybercriminals are racing to capitalize on those fears with phishing emails designed to steal your personal information and your money. If you receive an e-mail where you are promised a vaccine for the virus or some magic/miracle like curative/protective measures it has most likely come from cybercriminals. The World Health Organization (WHO) and The Centers for Disease Control and Prevention (CDC) are not going to send mass e-mails to release information. When there is significant information to be released they will be holding a press conference and or releasing the information through VERIFIED sources.
Now that multiple businesses have closed due to the Coronavirus and will not reopen for an extended period of time, people will have more time to be on social media, online websites and checking e-mail. The cybercriminals know this as well and they will start increasing the rate and type of phishing e-mails they are sending out. The CDC and WHO will not ask you to pay for any type of services through an e-mail and they will ABSOLUTELY NOT ask you to pay with GIFT CARDS.
If you receive an e-mail with suspicious content and a link to a website and you cannot verify the sender through secondary means. DO NOT click on the link and delete the e-mail immediately.
How to Avoid Getting Scammed:
Here are some additional tips from digital security experts.
Think before you click: The best thing consumers can do to protect themselves is just slow down. If something doesn't seem right about an email, just delete it-ideally before you open it. You're better off not taking the risk.
Examine the link: Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. A ".ru" on the end, for example, means the site was created in Russia; ".br" means Brazil.
Misspellings in URLs are another good tip-off to a fake website. If the URL says corronaviruss.com, it's best to avoid it. And if you get an email advertising a great deal on masks or hand sanitizer at a major retailer, open a new window in your browser, search for the retailer's web address, and compare it with the one in your email. Verifying the e-mail separately will help you avoid getting scammed.
Don't assume that a website is legitimate just because its URL starts with "https." Criminals like to use encryption, too.
Don't open attachments: They may contain malware. And you should never type confidential information into a form attached to an email. The sender can potentially track the info you enter.
Guard your financial information: Be wary of emails asking for account numbers, credit card numbers, wire transfers, and failed transactions. There's no reason to share such info via message or an unsecure site.
Turn on auto updates: This goes for your computer, smartphone, and tablets. Up-to-date antivirus software goes a long way toward stopping malware.
Use security tools: Install an antivirus program on your device, and keep it up to date. Cybersecurity companies such as McAfee, Kaspersky, and NortonLifeLock offer them. But keep in mind that these tools aren't foolproof.
The best defense in avoiding these scams is to use common sense. During times like these it is easy to be swept up in the panic around you. Before making any decisions, stop and evaluate what it is you are doing, why you are doing it, and if it is necessary to do it.
Below are examples of SCAM/PHISHING emails.
(All examples below come from the U.S. Health and Human Services website.)
Here's an example of a fake CDC email:
Health advice emails. Phishers have sent emails that offer purported medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts near Wuhan, China, where the coronavirus outbreak began. "This little measure can save you," one phishing email says. "Use the link below to download Safety Measures."
Here's an example of a fake health-advice email:
Workplace policy emails. Cybercriminals have targeted employees' workplace email accounts. One phishing email begins, "All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy." If you click on the fake company policy, you'll download malicious software.
Here's an example of a fake workplace policy email: