COVID-19 Scams - Phone, Online, & Email
Scammers follow headlines and exploit emergencies and natural disasters just as they exploit holidays (e.g., Christmas, Easter) and national events (e.g., tax season). The worldwide COVID-19 crisis is a breeding ground for their phishing scams, spam, viruses, and other malware! For example, researchers have observed that email attacks alone are up 667% since the end of February!
Scammers Exploit Our Fears
How do they exploit our fears?
- Selling bogus products and services
- Using emails, texts, and phone calls to steal your personal data (e.g., financial)
- Asking you to donate to victims or to emergency services that need your assistance
- Sending attachments that contain viruses and malware
- Using social media to spread fake news that heightens fear and panic buying
The results of these exploits? According to a March 31, 2020 report from RiskIQ:
- "The FBI warned hospitals and healthcare providers to be on the lookout for supply-chain scams."
- "Remote work by hospital support staff makes it harder for their IT teams to police computer systems and prevent cyberattacks."
- "Ryuk Ransomware operators continue to target hospitals even as these organizations are overwhelmed during the COVID-19, according to BleepingComputer on 03/26/2020."
- "Fireeye reported on 03/27/2020 that attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus checks, unemployment compensation, and small business loans. It expects future campaigns to incorporate these themes in proportion to the media's coverage of these topics."
- "Attackers are attempting to deliver Remcos remote access tool (RAT) payloads on the systems of small businesses via phishing emails impersonating the U.S. Small Business Administration, according to BleepingComputer."
- "The US Federal Trade Commission (FTC) warned nine VoIP service providers against assisting and facilitating illegal robocalls designed to capitalize on public anxiety surrounding the COVID-19 pandemic, according to BleepingComputer."
- During the time period of 03/28/2020-03/30/2020 (3 days), RiskIQ "analyzed 439,972 spam emails containing either 'corona' or 'covid' in the subject line." The top 5 subject lines for spam messages were:
  - How to protect your body from COVID-19 (54,082)
  - The Mask that can prevent Coronavirus now (42,255)
  - Anti Coronavirus Disease (COVID-19) KN95 Face Mask is Available Now! (39,267)
  - COVID-19 (30,667)
  - Coronavirus is spreading, this specialized mask can control it (21,055)
- The top 5 subject lines of spam containing attachments with executable files (viruses and malware) for Windows machines were:
  - COVID-19 UPDATE !! MUST READ!!! (1,920)
  - Coronavirus disease (COVID-19) outbreak prevention and cure update. (155)
  - COVID-19 UPDATE !! (111)
  - Customer Advisory - COVID-19 UPDATE (68)
  - COVID-19 Update (23)
- A new COVID-19 bitcoin scam promises victims "millions" by working from home.
- Researchers have seen evidence that hackers are targeting home delivery food apps.
- This list is massive but these are some of the most recent items!
Protect Yourself & Each Other
During this global crisis, we need to protect ourselves, and this will hopefully help protect others too. That may include an encouraging assist or a reminder from you on social media, for example, not to repost something without first checking the source and the accuracy of the data!
Tips to help keep scammers at bay:
- Don't click on a link from sources you don't know. The payload could be a virus or malware downloaded on your PC or other devices.
- Be wary of links and attachments from sources you do know. Scammers constantly spoof email addresses; if you click 'Reply', you can often see that the address is not the actual person you thought it was.
- Be wary of ANY unsolicited message(s) you receive. If you didn't reach out to someone, why are you receiving that email? It is ok to slow down and be suspicious.
- Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC), the World Health Organization (WHO), or other experts. Go directly to the source by doing a Google search for their website, if you do not already know it. Don't follow links in the email either, because they can be masked to look legitimate until you click them, or they can be shortened URLs that lead you to a website with a virus or malware payload.
- Ignore ads related to prevention, treatment, vaccines, and cure claims for the Coronavirus. Just remember, if there is a medical breakthrough, you won't hear about it through an ad or sales pitch!
- If you want to help, search for proper charities and crowdfunding sites. Don't rush to do it, especially if someone wants cash, a gift card, or wired money. These scammers take advantage of our desire to help. These sites help you search for legitimate organizations:
- Also be aware of investment opportunities, including online promotions and claims that a product or service of a publicly traded company can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value. The U.S. Securities and Exchange Commission (SEC) is releasing warnings against these.
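Two of the tips above can be checked mechanically: a Reply-To address that differs from the sender, and a link whose visible text names one site while it opens another or hides behind a shortener. The following Python sketch is an added example, not part of the original article; the sample message, the `host` and `check` helpers, and the shortener list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE = """\
From: "CDC Alerts" <alerts@cdc.gov>
Reply-To: cdc-alerts@mail-helpdesk.example
Content-Type: text/html

<p>Guidance: <a href="http://login.bad.example/cdc">https://www.cdc.gov/coronavirus</a></p>
<p>Map: <a href="https://bit.ly/EXAMPLE">Open the map</a></p>
"""  # Constructed sample message, not a real email; addresses and links are made up.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed starter list, extend locally

def host(value):  # host of a URL, or the domain part of an email address
    netloc = urlparse(value).hostname if "://" in value else value.rpartition("@")[2]
    return (netloc or "").lower()

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, self.text.strip()))
            self.href = None

def check(raw):
    msg, findings = message_from_string(raw), []
    sender, reply = (host(parseaddr(msg.get(h, ""))[1]) for h in ("From", "Reply-To"))
    if reply and reply != sender:  # exact-domain comparison, a simplification
        findings.append(f"Reply-To domain {reply} differs from From domain {sender}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        shown = re.match(r"https?://\S+", text)  # link text that itself looks like a URL
        if shown and host(shown.group()) != host(href):
            findings.append(f"link text shows {host(shown.group())} but opens {host(href)}")
        if host(href) in SHORTENERS:
            findings.append(f"shortened URL hides its destination: {href}")
    return findings
```

Calling `check(SAMPLE)` returns three findings for the constructed message; a message whose Reply-To matches the sender and whose link text matches its target returns an empty list.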
Where to Report
While we stay vigilant, we need to be aware and be safe, and report to the following sources when we see issues:
EKU Suspicious Email: spam@eku.edu
We look at every email we receive in this mail account. In the unlikely event that an email is legitimate and NOT spam or phishing, we will reply and tell you. Less than 1 percent of the messages we see are legitimate.
FTC
You can submit FTC complaints online that fit into any of these categories: (1) rip-offs and imposter scams; (2) mobile devices or telephones; (3) internet services, online shopping, or computers; (4) education, jobs, and making money; (5) credit and debt; (6) robocalls, unwanted telemarketing, text, or SPAM; and (7) other things that don't fall into those categories.
FBI
The FBI has an online tip form for reporting internet crime complaints via the Internet Crime Complaint Center (IC3).
Kentucky Reporting
- Non-compliance Hotline: 1-833-KYSAFER
- Noncompliance Form Online
Disaster Fraud Hotline (hoarding, price gouging--especially of critical supplies):
Nothing political here but a GREAT quote: