Coronavirus scare used for online scams

Worried woman looking at laptop.

Published March 24, 2020

by Orly Stein

If you received an official-looking email from a government agency about coronavirus, would you click it? Cybercriminals are using the latest public health scare to spread scams, viruses and misinformation.

As always, exercise caution when browsing online, downloading apps or reading email.

Organizations like the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) have been warning the public that cybercriminals are using their names and images for phishing attacks.

The WHO cautions on their website, “If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.” 

The U.S. Department of Justice is also reporting that harmful apps and websites are popping up to steal your information and spread viruses, under the guise of offering information about coronavirus.

When looking for information about coronavirus online, visit official websites for trusted sources (such as the CDC or WHO) directly.

What should I look out for?

Print

Author

UBIT Student Ambassador Orly Stein.

Orly Stein (UB Student, Class of 2022) is an Information Technology and Management major from Long Island, NY. In the future, she hopes to get more experience with cyber security and pursue a career in the field. In her free time, Orly enjoys playing soccer, going to SoulCycle with her friends and snowboarding.

Malicious email

Phishing emails will likely include alerts and warnings about the coronavirus outbreak, along with a link. Once clicked, the link will take you to a malicious website trying to steal your personal information.

The email address may look legitimate at first glance. For example:

  • Real website: cdc.gov
  • Scam website: cdc-gov.org

Harmful websites

According to the U.S. Department of Justice, malicious websites that claim to host information about coronavirus actually contain trojan viruses that steal information, including sensitive data, from your computer.

Specifically, the website corona-virus-map[dot]com was cited as containing the AZORult Trojan.

Malicious apps

The U.S. DOJ also reports that at least one Android app posing as a "coronavirus tracking app" (downloaded from coronavirusapp[dot]site) is actually ransomware that will infect your phone or tablet, locking it until payment is received.

How can I protect myself?

Exercise caution when looking for coronavirus information on apps and websites not provided by reputable government, healthcare or educational sources.

Be skeptical of any email asking you to click on a link or open an attachment. Before clicking or opening anything in an email:

  • Look out for spelling and grammatical errors
  • Check the URL before clicking a link: you can hover your mouse over a hyperlink to see where it really leads
  • Never enter personal data that a website shouldn’t be asking for

Stay vigilant!

As the coronavirus sitatuation evolves, scammers continue finding new ways to exploit the crisis for personal gain.

By being careful about how you engage with apps, websites and email, you can avoid becoming a victim during this difficult time.

I think I fell for a scam! What do I do?

  • Don’t panic – if you provided your credentials, start by changing your passwords.
  • Never use the same password on more than one site: once cybercriminals have your password, they’ll try to use it on every website where you might have an account.
  • Turn on two-factor authentication. You already use Duo to protect your UB accounts, but many other sites offer two-step verification as well! With two-step verification, a stolen password, by itself, is useless.
  • Report suspected fraud. The U.S. Department of Justice has a website with more information about what to do if you suspect you are targeted by a coronavirus scam.