Cyber criminals are exploiting the coronavirus pandemic in a variety of ways, targeting individuals, businesses and corporations, to extract information and for monetary gains in coronavirus financial scams.
The scammers are devising all sorts of ways to get us to part with our savings but this will never stop until the scammers tricks no longer work, so it is up to us to stay vigilant, stay informed, keep our loved ones protected and not let these criminals damage lives.
Cyber related Scams:
- Phishing activities, using trusted named brands with the subject heading Covid-19
- Malware distribution luring individuals in by creating a trusted looking source, using Covid-19 as lure
- Attacking remote access infrastructures
Asking for Donations for the NHS
One of the biggest scams taking place right now is blatant theft. Asking for donations to buy medical supplies for the NHS, pulls at the heart strings, it is something we all want to do.
You can donate to your local hospital as opposed to the NHS in General, that way you are donating to your own community of nurses.
Being Fined for leaving your home
Official looking text messages have been sent purportedly being from the Government with a message of being fined for going out during the lock down. Delete these messages.
This app has been created to look like it is a Coronavirus map tracker, but in fact, what it does is encrypt the contacts on an Android device then demands a ransom to the user to regain access.
Best covid-19 map tracker is TrackCorona.live made by students of Stanford, University of Virginia.
Malicious domain names containing Covid-19
You maybe searching for more information about Covid-19 and be presented with a number of domains containing the covid-19 name, these are bought very cheaply to lure people in to defraud them. Only use trusted UK websites for Covid-19 advise.
Spoofing Trusted Sources
Many emails may appear to be from trusted sources, this is the intention, but in fact, they are spoofed emails. Check the email address of the sender very carefully to verify the exact email address the email is from.
Unsure you let your email platform know this is a junk email by marking it as spam, not just binning it, so the email gets blocked.
Phishing emails are the ones where their sole purpose is to gain your personal information, the headings of these phishing emails are for example Covid-19 update, New cases of Covid-19. These emails will lead you to a website that will gain your personal data.
Like Email Phishing, but often made to look like they are texts coming from the Gov or your bank. They also take you to an official looking website for you to enter your personal details.
They will use Government Compensation themes to lure you in.
Luring you into entering your Username and password onto a spoofed website to gain access to your login details. To lure you into entering your details, they will often use Covid-19 wording, it may sound urgent, it may sound as though it is coming from the Government.
The only way to detect this is not legitimate is to check the url, everything else is made to look the same as the trusted website.
Open an attachment or download a file that is malicious and designed to gain access or attack your computer or device.
Example: Agent Tesla keylogger malware
Another is a campaign offering thermometers and face masks to fight the epidemic with the images of these products actually containing a loader for Agent Tesla.
There is another campaign that includes an Excel attachment or link to landing page that once clicked redirects to download an Excel document called ‘EMR Letter.xls’. Both the attachment and the link execute an embedded dynamic-link library to install Get2 loader malware.
In other campaigns, emails included an Excel attachment (e.g. ‘8651 8-14-18.xls’)or containedURLs linking to a landing page that –if clicked -redirects to download an Excel document such as ‘EMR Letter.xls.’In both cases, the Excel file contains macros that, if enabled, execute an embedded dynamic-link library(DLL)to install the Get2 loader malware. Get2 loader has been observed loading the GraceWire Trojan.
Trojan.Trickbot – banking trojan targeting banking and bitcoins
Targeted Italians with information updates about Covid-19 which included an infected macro that thus infecting computer hardware and potentially taking control of your computer.
Once download, the scammers have access to download further malicious files.
Malwarebytes will scan your computer for infections and delete them and so is highly recommended. Find out more from Malwarebytes
Exploration of Zoom and other web meeting software
Scammers are even exploiting the very means we use to communicate with each other online. Zoom is a popular chat room software, as is Skype and Microsoft Teams. Hackers can also hack into these platforms that have been set up without passwords.
Switching bank account online
As branches close, a good scam is to get you to transfer your bank account, this gives the scammers your bank details and access to your money.
Bogus job offers
It may sound a strange one, but scammers can gain your personal details by offering your a bogus job. You have to complete an online form an provide your details for a job that does not exist. Be careful.
Online shopping fraud
Lots of online shops have popped up promoting PPE equipment that never gets delivered.
Take your time. A lot of scammers use the sense of urgency to making you do something in haste. Take a step back, walk away if need be, then review the communication you have received. If in doubt, always contact the source i.e. the bank or the Government to check.
In March the national centre for fraud and cyber crime reported a loss of £970,000 so just be cyber crime aware and contact the police if you feel you are being or have been scammed.
We recommend Norton 360 and Malwarebytes to check for viruses and do your own research or ask someone if you are unsure, do not do anything without checking first.