Cybercriminals will use any and all tactics to make money, and the bad guys have been quick to capitalise on the global outbreak of coronavirus. There are already thousands of virus-related scams.
In fact, research by Trend Micro has shown that there are over 300,000 unique threats, the majority of which are malicious emails.
How to avoid Coronavirus scams
If you want to avoid being scammed, do not open email attachments without first checking that the email is genuine and that the file extension is appropriate for the type of file. A video or audio file with an .exe or .ink extension is fake, and will most probably infect your computer with malware.
Second, don’t click on links in emails unless you are sure the URL is safe. And if you do click on a link, then check in your web browser that the address is genuine and not a fake site.
A common trick is to use an address that is similar to a genuine one, so you don't notice it's a fake.
Of course, it goes without saying that basic antivirus software is the minimum you should be using on your devices, but it's worth going for a full security suite for the best-possible protection from phishing scams, dangerous websites and malware-infected downloads.
Basic antivirus is good, but a full security suite that also includes some kind of ‘web advisor’ to warn you of fake or dangerous websites will offer that additional warning that you might be about to enter your login details on a non-genuine page or download a potentially malicious file.
The common-sense security advice we've already given is crucial. But it is worth watching out for these coronavirus scams in particular:
- Email attachments supposedly containing information on the latest areas with outbreaks of the virus, videos of tips on how to protect yourself and links to websites with – again – the latest, up to date information.
- Fake websites selling medical supplies that are out of stock in shops such as hand sanitiser, thermometers, face masks. They will take your money but won't deliver anything.
- Emails asking you to donate to help fight Covid-19 by giving money to victims, to research or to medical staff.
- Emails from supposed doctors asking you to donate Bitcoin or download documents
When it comes to downloads and email attachments, the files won't contain what they promise: they instead deliver their payloads which range from Trojans to worms. And these nasties are capable of various things from interfering with the operation of your laptop or PC to destroying your data.
However, the hackers’ primary reason isn’t to inconvenience you, it’s to steal your information, or extort money from you.
Here's an example of an email which fools you into thinking it has come from the Centre for Disease Control and Prevention in the US, and includes a link to see the latest cases in your city.
It takes you to what appears to be an Outlook webmail login page (which doesn’t even make sense) but it would be easy to enter your Microsoft login details if you’re not concentrating. It’s a fake site which will steal your username and password, of course, and provide you with none of the information promised.
To clarify, this fake CDC email comes from cdc-gov.org, but that is not the official cdc.gov domain name.
Other emails will fool you into believing they are from the World Health Organisation (WHO), and have an attachment that is meant to include safety tips. Instead, it installs a keylogger on your system which will send all your keystrokes (potentially including your bank login details) to the scammers.
Google and Facebook are working to try to cut the number of fake news stories about the virus, and Facebook has launched a coronavirus information centre, which you can check out.
Amazon has removed millions of fake listings which claimed they would protect or even cure the virus.