Scam emails delivered via email and social media messages are hijacking the subject of the current coronavirus infection. The COVID-19 scam messages are made to look like they come from trusted sources, such as WHO (World Health Organization) or CDC (Center for Disease Control). The goal of scammers usually is to get you to click on a link or open a file on your computer, so they will say anything they need to say to get you to trust them. COVID-19 scams are a good reminder that scammers are constantly looking for new ways to trick, rob, and infect us.
Covid 19 Email Scams quicklinks
- What COVID-19 scams look like
- Types of emails
- How to recognize a scam
- Dangers of COVID-19 scams
- What scammers want
- Scam files and links
- How to deal with COVID-19 scams
- Automatic Malware removal tools
Details on COVID-19 scams:
|Types of emails that can be used by scammers||Job emails,
messages from friends,
emails from the government or international health organizations,
|COVID-19 scam signs||Emails that require you to download a file,
documents that ask you to enable editing to read them,
login sites on strange addresses,
sites that ask for your payment information to “confirm your identity”,
breaking news, news about cures, scary messages.
|Dealing with COVID-19 scams||Use antivirus programs (Spyhunter for PC, Combo Cleaner for Mac, etc.) to detect malicious files,
don’t type in your personal information without checking the site first,
tell your bank if your credit card data was leaked.
What COVID-19 scams look like
Types of emails
There was a coronavirus map app that got lots of users by promising to show them updates on COVID-19 infections – then it locked those people’s phones and demanded money to unlock them.
Email and social media scans with COVID-19 as the subject are bound to catch people’s interest, as it’s a hot topic. We’ve been encouraged to be as diligent as possible in avoiding COVID-19 and keeping ourselves and those around us safe, so ignoring such an email might feel imprudent.
So, naturally, scam messages with “COVID-19” or “Coronavirus” in the subject line have started spreading in various forms:
- Directions and instructions from health organizations.
- Claims that a breakthrough was made or a cure was found for COVID-19.
- Emails made to look like they come from your job, with words like “employees” thrown around.
- Fake forms, guides, questionnaires, and memos that, supposedly, come from your job, school, municipality, government, etc. Usually include a file for you to download.
- Fake local news and urgent updates.
- Unverified donation and charity queries.
How to recognize a scam
It can be tricky to know whether an email even is a scam. For example, you can look at the sender’s address, but criminals can fake it to make it appear as anything they want; email spoofing is something to always be aware of. The same goes for social media messages that look like they come from your friend; they can still be scams.
Scam messages try to pressure you or stress you out. This applies doubly to any messages that have to do with COVID-19, which itself is a stressful subject. Another example is the Save Yourself emails that threaten to release your intimate videos. Scammers like to scare or excite their victims to make them careless. At the same time, some COVID-19 scam mail is made to look official and detached – not all scams rely on the same tactics.
You could trust your email inbox to categorize scams and legitimate emails for you, but this process isn’t always perfect.
A good way to avoid COVID-19 scams is to just be familiar with the scams that are already out there. CDC and WHO have released warnings about their names being used by scammers and they posted some good advice on how to protect yourself. This IBM post also has a few examples.
Dangers of COVID-19 scams
What scammers want
The goals of COVID-19 scam emails are the same as other scams:
- to rob people of money,
- to steal people’s private information (known as phishing),
- to hijack people’s computers and online accounts.
Likely, a COVID-19 scam email will include a malicious link or a document with malware embedded in it. The email text only exists to earn your trust and make you open the malicious document or website.
As was said in the IBM post linked above, trojans, such as Emotet, can be distributed by COVID-19 email scams – mostly in malicious email attachments. A trojan like Emotet will download all kinds of malware, including ransomware, and can have devastating consequences.
Malware is created to make cyber criminals money, which includes stealing personal data and selling it to other criminals, tricking people into buying useless products, threatening people into paying a ransom, and infecting computers with adware so that scammers can earn revenue.
Scam files and links
If a COVID-19 email asks you to download a document and then to enable editing, just close it – it’s malware. It’s best not to open even slightly suspicious files without scanning them with an antivirus application, such as Spyhunter for Windows, Combo Cleaner for macOS, and others. You can usually find the option to scan a file in the menu that opens when you right-click the file.
If a COVID-19 email asks you to open a link that then asks you to input your credentials and/or personal information, be very careful. Check the address of the site. Then go to the site manually instead of clicking the email link to make sure that it’s legitimate. Malicious sites have fake login pages, but no home page. And sometimes links look like they’re going to open one site, but actually go to another site entirely. Anyway, phishing scams can only hurt you if you type in your information. Otherwise, you’re probably fine, even if you did click on a suspicious link.
Finally, legitimate COVID-19 emails should never ask for your payment information. Scammers like to claim that you need to provide your credit card details to prove your identity. They then charge your credit card for increasing amounts of money and sign you up for subscriptions by using your stolen data. That’s why it’s very important to be careful who you give your data to.
How to deal with COVID-19 scams
Sometimes we mess up and do fall for a well-made scam. It’s not the end of the world, but it’s important to take some measures to protect your data.
If you provided your payment details to a suspicious website, like a fake COVID-19 charity campaign, you need to keep a close eye on your bank account. If you notice any suspicious charges, dispute them immediately with your bank or payment processor. You will most likely win and get a refund. You can contact your bank or payment processor, tell them what happened, and seek advice. Tell your bank honestly everything that happened and they should tell you how to proceed.
Downloading malware from a COVID-19 email or website can be bad, ranging from spyware to ransomware. But a competent antivirus program can deal with most such infections.
If a COVID-19 scam tricked you into typing your login credentials to a fake website, it’s enough to change your passwords to get around the problem.
Finally, if you got any COVID-19 scam messages from the accounts of your contacts or friends, warn them – their accounts may have been hacked.
Automatic Malware removal tools