COVID-19: The Cybersecurity Threats You Should Know About
By Laine Seaton
Since its unwelcome arrival in the U.S. in the early months of 2020, COVID-19 has completely upended our daily lives. We haven't faced a threat such as the COVID-19 pandemic for more than a century. But there's another threat lurking that's just as widespread and just as pernicious: cyberscams related to COVID-19.
Rampant during natural disasters and other collective crises, cyberscams pose an equal-opportunity threat to everyone, especially during turbulent times. Cybercriminals capitalize on public confusion and uncertainty and seek to exploit our vulnerabilities for profit in a multitude of ways — and the COVID-19 crisis is no exception.
Through fake websites, emails, texts, robocalls and social media, scammers seek to harm by distributing malware/spyware, stealing your personal information, and taking your money. Cyberexperts have reported an explosion in COVID-related websites being launched, with at least 40,000 sites already deemed suspicious. In April alone, Google reported blocking more than 18 million COVID-related phishing emails per day.
So far, Americans have been defrauded of more than 45 million dollars from COVID-related scams, according to the Federal Trade Commission, and the threat continues.
"There's a huge range of cybercrime happening right now because cybercriminals follow the headlines," says cybersecurity expert John Sileo. "They're exploiting everything we're looking for now: antibody tests, cleaning supplies, stimulus checks, PPP benefits, and so on."
Even with years of experience in the workings of cybercriminals, Sileo says that COVID-19 has definitely raised the bar. "I'm really struck by the speed and quality of the fraudulent material. They've ramped it up so quickly and are able to launch something in ten minutes based on the day's news — that's the shift."
Here are some of the most common COVID-related scams to put on your radar and steps you can take to steer clear of cyber traps.
Health care scams
With millions of people looking for updates on COVID-19 and turning to experts, including the World Health Organization and Centers for Disease Control, scammers have immediately pounced on the opportunity by posing as these and other legitimate health organizations with official-looking websites and emails, alerting readers of important updates — all with the nefarious intent of distributing malware and stealing your personal information.
Scammers are pitching free home test kits for COVID-19, along with invitations to register online for a local test. They're also hawking fake "cures" for COVID-19 including magic pills, ultraviolet lights, and even blood and saliva from virus survivors with the promise of providing immunity. Some people have gotten alerts saying that they've been in contact with someone infected, and that they must click a link provided for more information.
Virtual office visits or telehealth have also been vulnerable to hacking, with scammers sending patients fake telehealth apps or links that download malicious spyware. They're also using medical devices as entry points to hack into entire hospital systems.
Sileo says that seniors are especially vulnerable to scams right now. "We're really seeing high rates in scams targeting the elderly. Fake emails telling them to "click here" to get a COVID-19 test or to see their medicare benefits, or anything they think is coming from their doctor's office — those kinds of things are incredibly effective."
As the COVID-19 pandemic has brought the U.S. economy to a crawl, millions of businesses and workers have been seeking a lifeline through the Payroll Protection Program and stimulus checks as part of the CARES Act. This combination of desperation and urgent need is a dream for scammers who will email or call, offering to expedite funds, or pose as banks and lenders pitching other relief programs that don't exist.
Remember, the government will never call, text or contact you on social media, so stay away if you're approached.
Shopping & travel scams
In the early days of the pandemic, fears of scarcity caused panic buying of items such as toilet paper, disinfectant wipes, masks and hand sanitizer. Scammers have been seizing on the demand by creating fake digital storefronts and pitching these nonexistent items for sale, all to collect your personal information and steal your money.
Travelers need to be very wary, too. With so many travel disruptions and cancellations due to COVID-19, those seeking refunds should verify airline or hotel phone numbers on official websites rather than trusting a Google search. Scammers are posing as airline reservation agents, and then stealing travelers' refunds and travel credits.
With all eyes on a potential cure or vaccine for COVID-19, scammers are also promoting fake charities to solicit donations for research and vaccine development. Guidestar or Charity Navigator are useful in verifying a nonprofit. Cybercriminals have also created fake apps appearing to help you track the spread of the virus. In reality, they lock your phone and demand a ransom.
What's the takeaway in all of this? Sileo urges people to use their "B.S." reflex. "Be skeptical. You need to verify the source before you give any information." Other experts recommend similar advice, including:
Always think twice before clicking
Double check where the email is coming from by looking for oddities in the address
Don't download any attachments from unknown sources
Only go to official sources (confirm that information is coming from official websites)
Don't share your personal data
Keep your software updated and change your passwords frequently
Add two-factor verification to your accounts
By staying alert and taking extra precautions, you can protect yourself from scammers during these challenging times.