Cybercriminals are taking advantage of fears over the Coronavirus outbreak, using phishing emails, fake websites, and false promises of vaccines and cures to try to gain access to personal information.
According to KrebsonSecurity, cybercriminals are sharing an accurate real-time data map created by Johns Hopkins University in an effort to infect computers with malicious software. The map is being used on fake websites and possibly in spam emails.
Criminals are also sending phishing emails that appear to be from the World Health Organization (WHO) and ask recipients to give sensitive information, such as usernames or passwords, click a malicious link, or open a malicious attachment. If you do so, criminals can install malware or steal sensitive information.
Similar phishing attempts have been made using what appear to be emails and links from the Centers for Disease Control and Prevention (CDC). According to Kaspersky, the emails encourage users to click on a link that contains details about new cases of Coronavirus near them. The link appears to go to the CDC website, but instead redirects to a fake website that looks like a Microsoft Outlook login page. Targets are asked to enter a username and password, which can then be stolen to gain unauthorized access to sites.
The Federal Deposit Insurance Corporation (FDIC) is also warning consumers that scammers are pretending to be agency representatives. The FDIC will not contact you asking for personal information, such as bank account information, credit and debit card numbers, Social Security numbers, or passwords.
The Federal Trade Commission and U.S. Food and Drug Administration have sent warning letters to seven companies allegedly selling products that may violate federal law by making deceptive claims about their ability to treat Coronavirus. There are currently no approved vaccines or drugs available to treat or prevent the virus.
To avoid falling victim to these or any scams, remember these tips:
Check the sender’s email address. For example, WHO emails will come from an @who.int address. WHO does not send emails ending in @who.com, @who.org or @who-safety.org.
Don’t click on links from sources you don’t know. For the most up-to-date information about Coronavirus, go directly to the Centers for Disease Control and Prevention and the World Health Organization websites.
Don’t provide your personal information. The WHO and CDC will not ask for your username or password to access safety information, send email attachments you didn’t ask for, or ask you to visit a link outside of www.who.int or www.cdc.gov.
Ignore offers for vaccinations. There currently are no vaccines or cures available to treat Coronavirus.
Do your research before making donations. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
Don’t send money to receive money. The president and Congress are negotiating relief programs that could include money sent to individual Americans. While these are currently just proposals, it’s important to remember that the government won’t ask you to pay for anything up front to get this money. It also won’t ask for your Social Security number, bank account, or credit card number.