News stations around the world are reporting the devastating effects of Coronavirus. As of today, 43,148 people across the globe have documented cases of Coronavirus, 1,018 people have died, and only 4,372 people have recovered 1. With growing concerns related to travel, its effect on the economy, and, most importantly, the lives of those affected, it comes as no surprise that criminals are using this opportunity to prey on the fear and panic surrounding the Coronavirus.
What is Coronavirus?
Coronavirus is a highly contagious upper-respiratory tract illness that causes fever, cough, shortness of breath, and several other respiratory symptoms similar to the common cold. Those exposed to Coronavirus begin showing symptoms between 2 and 14 days after exposure but may infect others before symptoms even appear. While it is known that Coronavirus is spread through contact within 6 feet of an infected person, it is not yet known if it can be spread by touching surfaces or objects that those infected have touched. 2
How does the Coronavirus Scam work?
Criminals created an email intended to lure victims into a phishing attack using the fear and uncertainty surrounding Coronavirus as bait. In this email, the criminal poses as the World Health Organization and offers safety measures regarding the spread of Coronavirus.
It begins with the World Health Organization logo at the top and asks that readers click on a button to download a document that reportedly provides safety measures.
With the panic surrounding Coronavirus, an email coming from the World Health Organization on the topic is something that most people would view as significant. Most of us want to learn more about Coronavirus and would click on the button to download the document, believing it to be valid information.
When clicking on the link, victims are taken to a fake copy of the World Health Organization website and are prompted to verify their email address and password.
When entering an email address and password, the information is then sent to criminals over an unencrypted network, and no information about Coronavirus is provided.
What Happens If I Fell Victim to the Coronavirus Scam?
When a criminal gains access to your email address and password, they may use the information for their own personal benefit, or they may sell the information to other criminals on the dark web. With access to your email account, a criminal can cause horrific damage. Some of the risks include:
- Identity Theft: If you’re like most people, you likely use the same email address for most of your online accounts, including those attached to your bank and credit cards. With access to your email address, identity theft is an easy crime for a criminal to carry out, your other online accounts can be compromised, and you may wake up to find your bank accounts wiped clean and your credit cards maxed out.
- Scamming Your Contact List: While you may not have money, it’s possible that someone on your contact list does. Scammers capitalize on the trust that you have with friends and family members by sending emails in your name, asking contacts to do things that they wouldn’t do if asked by someone unfamiliar, like clicking on links or downloading files. These then lead to phishing scams and malware where their information is then provided to criminals. They may also pose as you and request financial help with an emergency situation. For example, if you mentioned that you’re going on a trip or have an ill family member, they might email your contacts requesting emergency financial help with a trip gone wrong or an emergency surgery. This can seriously damage your reputation with friends and family or in the workplace.
- Conducting Mass Email Scams: Once a hacker has done all they can do with your personal contacts, they’ll typically use your email address to send mass emails with phishing links, malicious files, or other scam attempts. These emails include your name and email address, which means that your name is now being associated with scams and other malicious activities online.
How can I protect myself from the Coronavirus Scam?
Despite criminals’ attempts to capitalize on the fear surrounding the Coronavirus outbreak, there are several things that you can do to stay safe from the Coronavirus Scam and other phishing attempts.
- Don’t Trust An Email Just Because It Appears To Be From A Valid Source. Anyone can add a logo and spoof email address and name of the sender to make the email appear to come from a trusted source. If in doubt, visit the Customer Service or Contact Us page for the organization and reach out to them using those means to verify the legitimacy of the email you received. Do not use the link provided in the questionable email as the website may be spoofed and include false contact information provided by the criminal.
- Look For Spelling and Grammatical Errors. Legitimate organizations like the World Health Organization are going to proofread any email they send. They won’t be riddled with misspellings and grammatical errors, as was the case with the Coronavirus Scam Email.
- Use Browser Protection. When you visit a website, providers of browser protection, like Guardio, scan the site for signs of scams, spoofed websites, and other malicious code and blocks the threat BEFORE criminals have the opportunity to get your valuable personal information.
- Utilize Account Monitoring. This is especially important if you’ve already fallen victim to the Coronavirus scam. Scam victims usually can’t pinpoint the moment they accidentally provided their information to a criminal. Therefore, there’s no way to prevent another company from experiencing a breach that involves your data, and it’s crucial to have continuous account monitoring so that you can be aware of data breaches and take action to secure your data.