Scammers are following the headlines and creating new scams to match.
With the concern surrounding the coronavirus, they’ve been busy finding ways to trick unsuspecting victims into revealing personal or payment information.
The best way to avoid a scam is to know the red flags. This means it’s never too soon to get immunized against the current strain of malicious tricks. The Federal Trade Commission (FTC), Word Health Organization (WHO), the Better Business Bureau (and more) are spreading the word.
Updates about the spread of the virus
You get an email from an official agency such as the Center for Disease Control and Prevention, or the World Health Organization about the coronavirus outbreak. The subject line sounds urgent—something like “Emergency: coronavirus outbreak in your city” or similar.
Here’s an example:
(image courtesy of Sophos Security)
Because the interest in coronavirus is so high, the email doesn’t need to have a lot of information, but it does have links or attachments. The email may ask you to click to get an “updated list of new cases in your city” or ask you to download a file of “safety measures” to stay safe.
The links actually take you to a legitimate-looking website designed to gather personal information—even your email address and password (which means they could reset your usernames and passwords to any accounts linked to that address). Clicking on attachments could download malware onto your computer designed to accomplish the same goal.
Preventions or cures
The Better Business Bureau (BBB) reports, “one scam email claims that the government has discovered a vaccine but is keeping it secret for ‘security reasons’” but the email promises you can buy it now (hot tip: YOU CAN’T. The Food and Drug Administration is working on potential drugs to treat COVID-19, but none are approved or available to the public).
The United Nations also warns impostor scams like this could also come over the phone, a text message, or even a fax.
In times of crisis people naturally want to help. Scammers know this and set up fake charities to con people into donating to vaccine creation fundraising effort.
Promises of needed supplies
Update! This week the FTC says to watch out for offers of in-demand cleaning, household, or medical supplies. Online shops have popped up promising to sell you these items, but then you never receive them.
Checks from the government
Update! There’s talk that the federal government will soon be sending money to those most-impacted by the coronavirus. Details are still forthcoming, so don’t be fooled by any offers to get your money now.
Tips for spotting coronavirus scams
The FTC, WHO, and the BBB have tips for avoiding this new round of virus-themed scams:
- Don’t panic. Scammers want you to freak out and respond without thinking. Always double-check the information.
- If you’re being emailed or called by an official agency, question it. Take a close look at the sender. Scammers are sending emails that, at first glance, look real (for example: “cdc-gov.org” instead of just cdc.gov, or “who.org” instead of who.int). The WHO is telling everyone that they will NEVER:
- Ask you to log in to view safety information
- Email you attachments you didn’t ask for
- Ask you to visit a link outside of who.int
- Ask you to donate directly to emergency response plans for funding appeals
- Conduct lotteries or offer prizes, grants, certificates, or funding through email
- Charge money to apply for a job, register for a conference, or reserve a hotel
- Ignore offers for vaccinations, treatments, or cures. Think about it: if there was a medical breakthrough, would you be hearing about it for the first time through an ad or a sales pitch?
- Make sure the charity campaign is legit. We have six quick tips for making sure your charitable giving makes it to the intended recipient.
- Remember your phishing basics:
- Look out for grammar and spelling errors. Mistakes happen, but they could be a sign the email is fraudulent.
- Don’t click links—navigate to the website yourself. If you hover your cursor over a link, the address will be displayed. If it looks phishy, don’t click. Better yet, if there’s any question, do a little Googling and find the website yourself.
- Don’t give information to those who shouldn’t be asking for it. There’s no reason for the WHO, the CDC, or a website selling a cure needs your email address or password. Always think twice, or three times, about whether the “source” of the email or phone call reaaaallllyy needs the information they’re asking for.
- Two-factor authentication can help. It’s an extra layer of protection if your password is ever stolen (or you gave it out by accident).
- Don’t forget how the government works. Relative to relief payments, the government would never ask you to pay anything up front to receive you funds. They would also never ask you for your Social Security number (they have it already!).
If you think you’ve fallen for a scam, change your passwords immediately! Also, make sure your computer’s anti-virus software is up to date. We also have a how-to guide to help if you think you’ve been a victim of a data breach.