Coronavirus scams, spam and phishing

Criminals are hardest at work when a national or international disaster strikes, playing on peoples’ fears and insecurities. They are using scam, spam and phishing tactics to steal your money during the Coronavirus pandemic.

As the saying goes, “If it sounds too good to be true, it probably is.” If you get an email, mobile message or see ads – even on popular online shops such as Amazon and eBay – that offer free face masks, medicines or free toilet paper, ignore it or report it or, where possible, delete it immediately.

There are a number of such phishing examples doing the rounds, many from criminals claiming to be doctors or pharmacists offering Coronavirus advice, a vaccine or some cheap miracle cure.

These offers are fake. There is no vaccine or cure yet. You’ll pay for it but never see the product. And, in the event, your personal data will also be stolen.

Miracle cure scams

Do not simply trust so-called Coronavirus-related advice on stock exchange investments or any such investment opportunity. They probably are false Buy Signals. If you are in the fortunate position to have spare capital, rather seek the advice of an investment professional because stock markets can be complex.

And, for heaven’s sake, DO NOT partake in random so-called opportunities to be a volunteer for test vaccines, not for any amount of money offered. It might cost you your life!

Also, watch out for fraudsters who dress as medical or first aid staff and present fake test kits. If you open your door to them, they’ll rob you.

Coronovirus spam and phishing

As mentioned above, be suspicious of Coronavirus advice from persons or organization your are not familiar with.

Always check the sender address, especially if the email or message appears to come from a known source. For instance, this example below is a fake message drawn up to appear that it was sent by the World Health Organization –

Example of fake WHO Coronavirus email.

As security company Sophos points out, criminals are notoriously bad at grammar and spelling. In short, again, if it does not look right, it most likely is not.

Sophos gives the following valuable advice

  • Never let yourself feel pressured into clicking a link in an email. Most importantly, don’t act on advice you didn’t ask for and weren’t expecting. If you are genuinely seeking advice about the Coronavirus, do your own research and make your own choice about where to look.
  • Don’t be taken in by the sender’s name. This scam says it’s from “World Health Organization”, but the sender can put any name they like in the From: field.
  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do. Take the extra time to review messages for telltale signs that they’re fraudulent – it’s bad enough to get scammed at all without realizing afterwards that you could have spotted the fraud up front.
  • Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look.
  • Never enter data that a website shouldn’t be asking for. There is no reason for a health awareness web page to ask for your email address, let alone your password. If in doubt, don’t give it out.
  • If you realize you just revealed your password to imposters, change it as soon as you can. The crooks who run phishing sites typically try out stolen passwords immediately (this process can often be done automatically), so the sooner you react, the more likely you will beat them to it.
  • Never use the same password on more than one site. Once crooks have a password, they will usually try it on every website where you might have an account, to see if they can get lucky.
  • Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you, but are usually a huge barrier for the crooks, because just knowing your password alone is not enough.

Reminder: do NOT open any email attachment unless you are familiar with the sender!

Coronavirus malware

One of the most trusted sources on news of the pandemic is Johns Hopkins Coronavirus Resource Center. Their Coronavirus tracker map is followed by the media and millions of people around the world.

Johns Hopkins Coronavirus map

Unfortunately, cybercriminals use images of the famous map to plant spyware and malware on computers. Once the map is downloaded, the computer virus goes to work.

As MalwareBytes points out, computer viruses have also been found in fake e-books offering health tips and advice for COVID-19 preparedness.

Threat actors use a fake e-book as a lure, claiming the “My Health E-book” includes complete research on the global pandemic, as well as guidance on how to protect children and businesses.

Note: this site features data drawn directly from up-to-date Johns Hopkins sources through DataWrapper graphs. See Coronavirus maps and statistics.

Typical phishing campaigns

Typical phishing campaigns copy the layout of authentic charity websites to trick visitors into sending money, usually requesting payment in cryptocurrency.

Security expert Brian Krebs describes how Vasty Health Care Foundation, a phony charity, scraped the Global Giving site, solicits funds and then use a network of mules to launder the money.

Phishing copy of an authentic charity.
Looks real but it is a phishing copy of an authentic charity

To find a real charity, see charity watchdogs such as Charity Watch, Charity Navigator and GuideStar. Or you can make a valuable contribution at

Avoid giving money over the phone. Period.

In the United States, the Telemarketing Sales Rule allows fundraisers asking for charitable solicitations, even if your number is listed on the National Do Not Call Registry. Be careful. Instead, request to be placed on the charity’s do-not-call list and, if you wish, rather contribute on the charity sites listed above.

If you suspect foul play, report it on the FTC (Federal Trade Commission) complaint site.

Fake offers

Below is an example of a fake face mask ad on Amazon, as reported by Coindesk in their article explaining how thieves swindled $2 million from panicked consumers.

Fake face masks ad on Amazon.

Most good online shops have pages on which you can report scams. On Amazon, there is a Fraud report page and a Phishing report page.

Stay safe, stay healthy

To protect yourself from Coronavirus scams, spam and phishing, keep an eye on the mentioned security sites.

To learn more about the Coronavirus symptoms, prevention and treatment, please refer to the CDC (Centers for Disease Control and Prevention) Coronavirus portal.

03/19/2020. Category: info. Tags: , .

You may also like -