Scammers will seek new ways to exploit a crisis to their advantage, and the Covid-19 outbreak is no exception. Cybercriminals have been leveraging the pandemic to launch all sorts of cyberattacks ranging from ransomware take-overs of data systems in vital industries like hospitals and financial organizations, to private network hacking.
The wake of Covid-19 has brought on a new breed of phishing attacks that exploit the fear and vulnerability of people in this time: hackers are using human emotion to scare recipients into clicking harmful links or attachments in emails, social media posts, or text messages. By getting unaware recipients to click on a malicious link, hackers get individuals to download malware or relinquish personal information out of fear, anxiety, or even trust.
This form of social engineering takes the form of cybercriminals posing as a trusted friend, an official government agency or a well-known business. Here are the common forms of phishing scams related to COVID-19 since the start of the outbreak to look out for to protect your data safety and security.
1. Charity frauds associated with Covid-19
The Federal Bureau of Investigation (FBI) warned that scammers are taking advantage of people of a charitable bent by fraudulently soliciting donations for individuals, groups, and areas affected by Covid-19. Emails from these purported charitable organizations will try to get users to click on links that will then download a virus onto your computer or cellphone. Watch out for charity names that sound identical to well-known charities or email addresses that are not consistent with charities soliciting donations.
2. Fabricated notices from known health organizations
These email correspondences are intentionally made to look identical to messages from reputable organizations such as hospitals or the Center for Disease Control (CDC). Cyber scammers registered tens of thousands of Covid-related spoof web domains in the first year of the pandemic. The United States Justice Department shut down hundreds of these malicious sites, promising access to personal protective equipment (PPE), relief payments, vaccines, or other aide.
3. Fake economic relief packages
Fraudsters posing as the Internal Revenue Service (IRS) or other government agencies will instruct you to click a link, pay a fee, or “confirm” your data to trick you into divulging sensitive information like your Social Security Number to secure your stimulus check. The IRS reported that it received an unprecedented number of stimulus scams between June and July of 2021. Fraudsters can also use social media platforms like Facebook to message you with promises of “Covid-19 relief grants”.
4. Phony websites containing maps and dashboards
Malicious websites masquerading as a live map for Covid-19 global cases by Johns Hopkins University that circulated the internet were set up to trick unwitting users to visit. Visiting then infects the users with the AZORult Trojan which is an information-stealing program that can exfiltrate sensitive data.
5. Fake public service announcements (PSA)
Fraudulent emails containing information about protecting yourself, your children or your community can contain malicious links or attachments that will infect your system with data stealing programs.
Conclusion
Scammers are looking for more convincing and sophisticated ways of using social engineering tactics to gain people’s trust and access to their sensitive data by posing as reputable institutions. These malicious activities vary in style and tactics to exploit the emotional vulnerabilities of people at this time. To stay ahead, organizations must firm up their security awareness training programs for their employees apart from partnering with a trusted security services provider.