Watch out for COVID-19 Scams

COVID-19 Scams
100% human

COVID-19 scams abound, and cybercriminals are using the public’s vicarious interest against them. Here are the current ones – we will update as we hear of more.

There is no doubt that cybercriminals are an agile and resourceful lot. In a week they have mobilised at least a dozen cleverly socially engineered scams and hundreds of regional variants. Here are some of the COVID-19 Scams to watch out for.

COVID-19 Scams

Scam 1 – Give me your details to get the Government assistance

The Government’s assistance package will come to eligible people via the MyGov (Medicare) and other relevant government databases. You don’t have to do anything to get a benefit.

There has been a tsunami of phishing emails requesting that you login to see if you are eligible. Login inevitably says you are, but you need to prove who you are by providing name, address, date of birth, bank account details and at least two forms of proof of identity. Some ask you to upload a photo or scan of the front/back of a driver’s licence, your passport ID page and even copies of a utility bill.

THIS A SCAM – the Government never asks for this information!

Scam 2 – Forms physically distributed to vulnerable groups at retirement villages

This is a version of the email scam for those who don’t use the internet. We have word (but no proof yet) of scammers distributing official-looking forms door to door at retirement villages informing the resident of the government bonus and requiring the same information as the phishing email. Scammers say you must fill in the form NOW and take photos of ID (as most don’t have a scanner).

We are not sure how widespread this is because it could take a lot of organising, but it only takes a small success percentage to make money.

Scam 3- Telephone fraud – your mum/dad/long lost cousin has COVID-19

Criminals call pretending to be clinic or hospital officials, who claim that a close relative of the victim has fallen sick with the virus and request payments for medical treatment.

This is rare in Australia but if you get a call check it out directly.

Scam 4 – This is your bank/post-office – we are closing branches for two weeks, so you have to register to use online

This has happened in the US, and the email directs you to a form or an app to allow temporary local banking/posting asking for all your details. The app can infect your device and steal your details.

No bank or post-office would ever do this.

Scam 5 – COVID-19 Advisory emails asking you to download the latest update

Phishing emails abound with links to either so-called advisory sites or links to download helpful information. The links may be in the form of Word.doc, PHP or EXE and are poisoned and download malware. They use clickbait headlines like “Pope dies – an unholy war on COVID-19” or similar.

Never click on a link if you don’t know its pedigree

Scam 6 – Malware in COVIDS-19 Maps and information websites

One email appears to have the link to the US Centre for Disease Control (CDC) and the ability to access a COVID-19 virus map by location.

Those that vicariously want to know infections in their neighbourhood are most at risk.

COVID-19 scams

Scam 7 – highly targeted workplace, school, university or TAFE phishing

There are reports of staff at large companies or students receiving emails telling them to work from home. To do so, click the link to the institutions/company’s new Communicable Disease Management Policy and remote work protocols. This has a very high opening and infection rate.

Check with the real HR first – call them!

Scam 8 – Fund COVID-19 research

Fundraising scams abound and get your credit card details. If you want to donate, do it directly with the research hospital.

Come in spinner.

Scam 9 – Donate your excess CPU and GPU time to COVID-19 research

There are social media campaigns to get you to donate excess CPU/GPU time to research. You download the app, and it secretly starts Bitcoin mining, loading malware as well as stealing your data.

This mostly happens via gaming and special interest groups.

Scam 10 – Social media like Facebook

Scammers have been active in littering social media with photos, stories, offers and cures, but the result is always the same – click on the link and become infected with MALWARE-19.

Avoid Fakebook entirely.

Scam 11 – Fake Ads

We are inundated with fake ads for masks, toilet paper, hand sanitiser, medical supplies, cleaning products, air purifiers (see our article Air Purifiers do not kill COVID-19 here).

Covid-19 Scams

The majority want you to buy online, you will never see the goods, and your details are stolen.

Protection (Thanks to Norton LifeLock for this)

First, if you have elderly relatives that may not be as savvy with the internet call them and warn them of the risks.

Second, follow this essential advice

  • Never give personal information to anyone, be it via the internet or the front door
  • Never click on a link or download a file unless you are sure of its pedigree
  • Look for obvious spelling and grammatical mistakes
  • Look for generic greetings – Dear fellow resident!
  • Bin any email that says you must act now
  • Install paid anti-virus/malware with phishing protection
  • And if you are remote working use a paid VPN like Private Internet Access (Best for Sydney, Melbourne and Perth with local servers there) or NordVPN (servers in Brisbane, Sydney, Adelaide and Perth).

Legitimate sources of information on COVID-19 scams and resources

We find US sites have a better global perspective because State Legislation does not bind them

Centre for Disease Control and Prevention. The CDC website includes the most current information about the coronavirus. Here’s a partial list of topics covered.

  • How the coronavirus spreads
  • Symptoms
  • Prevention and treatment
  • Cases in the U.S.
  • Global locations with COVID-19
  • Information for communities, schools, and businesses
  • Travel

World Health Organization. WHO provides a range of information, including how to protect yourself, travel advice, and answers to common questions.

National Institutes of Health. NIH provides updated information and guidance about the coronavirus. It includes information from other government organisations.

Australian Government COVID-19 resources are all in one place including translations to several languages.