“As coronavirus spreads across the world, users are increasingly getting hit with fake information,” said Tatyana Shcherbakova, a senior web content analyst for Kaspersky Lab. “Cybercriminals have been leading the way, hoping to take advantage of unsuspecting users.”
On Wednesday, U.S. Attorney for the Eastern District of Virginia G. Zachary Terwilliger warned the public of several schemes that have emerged amid the health crisis.
“Scammers have already devised numerous methods for defrauding people in connection with COVID-19,” the statement reads. “They are setting up websites, contacting people by phone and email, and posting disinformation on social media platforms.”
Among them, he said, are “app scams” that are “designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.”
DomainTools’ senior security engineer and malware researcher Tarik Saleh said his firm identified a new malicious Android app that advertises an ability to track the spread of the COVID-19 virus near you.
The app, which Saleh said appeared to be registered to an individual in Morocco, is “a pretty clever lure," he said, encouraging the victim to “enable full device control” in order to track when a known COVID-19 patient is in your vicinity.
Once a user authorizes the app with those broad permissions, they are then hit with this ransom message: “YOUR PHONE IS ENCRYPTED: YOU HAVE 48 HOURS TO PAY 100$ IN BITCOIN OR EVERYTHING WILL BE ERASED.”
The threatening message continues: “What will be deleted? Your contacts, your pictures and videos, all social media accounts will be leaked publicly and the phone memory will be completely erased.”
“It masquerades as coronavirus tracking app but in reality it locks you out of your phone and demands a ransom to get back in,” Saleh said. ”There’s a lot of really scummy people out there right now taking advantage of the situation."
U.S. Attorney Terwilliger also highlighted “phishing scams,” in which “scammers posing as national and global health authorities … are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information.”
Cybersecurity researchers at Kaspersky Lab, for example, detected a sophisticated phishing scam email that supposedly comes from the World Health Organization and offers helpful tips to avoid infection but, in reality, takes email users who click on the link to a site that steals your personal information.
“This scam looks more realistic than other examples we have seen lately,” said Tatyana Shcherbakova, a senior web content analyst for Kaspersky Lab, “such as alleged donations from the World Bank or IMF for anyone who needs a loan.”
U.S. Attorney Terwilliger urged people to “be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes.”
“Legitimate health authorities,” he said, “will not contact the general public this way.”
According to Mark Ostrowski, another cybersecurity expert with Check Point Research, email users are being increasingly inundated with “nasty malware” through unsolicited emails that include attachments related to the virus outbreak, targeting people in specific areas where the outbreak is most severe.
“People are opening up these attachments not realizing that they’re malicious,” he said.
Many of these scammers are trying to trick you into divulging your personal information, which can be used against you elsewhere.
“The next best thing to getting your money is getting your personal information,” said Ostrowski. “Hackers are using that to either sell on the dark web, or they use it themselves because they figure if someone is using a password on a website, maybe they’re using the same one on a national bank account.”
Cybersecurity experts advise against forwarding any communications that are suspicious and widely agree that the best way to avoid falling victim to coronavirus scams is to beware of unknown senders, avoid clicking unknown links or opening unknown attachments, and take every claim with a healthy dose of skepticism.
“If you are promised a vaccine for the virus or some magic protective measures,”Shcherbakova said, “it has most likely come from cybercriminals.”