Welcome to Tech Support, a segment in which I, Dan Howley, serve as your intrepid guide through the sometimes confusing, often frustrating, world of personal technology.
Here, I answer all of your most pressing questions about the various gizmos, gadgets, and services you use in your everyday life.
Have a question of your own? Reach me on Twitter at @danielhowley or email me at firstname.lastname@example.org.
Now, on to your questions.
This week's dilemma:
“How can I avoid coronavirus scams?”
The continued march of the coronavirus across the U.S. has Americans searching for any news related to the pathogen, whether it’s from reputable news sources or not — and that’s leading to a field day for scammers. And as with any major news story, hackers, scammers, and malware creators are taking advantage of the chaos to target individuals seeking everything from updates on the spread of the virus to possible cures.
“COVID-19 being a topic that a lot of people care a lot about and are very eager to hear news about, means it’s great for scammers to get you to click on something that you might not otherwise,” explained Justin Cappos, computer science professor at the NYU Tandon School of Engineering.
There are a number of sleazy operations being run online at this very moment, but there are also ways to avoid becoming a victim — and a few methods that can help you fight back.
Stimulus check scams
The coronavirus pandemic has created ample opportunities for cybercriminals to launch a multitude of attacks on unsuspecting individuals.
The most immediate threat has to do with the government’s coronavirus stimulus checks. Those payments, which can reach as high as $1,200 for individuals and $2,400 for couples, are an incredibly attractive target for criminals.
According to Paige Hanson, chief of cyber safety education at NortonLifeLock (NLOK), cybercriminals are setting up microsites designed to mimic the look of state and federal stimulus websites to trick victims into entering their bank account information, and reroute their stimulus check payments.
“So they’re saying, ‘You know, instead of waiting for your paper check, why don’t you put your banking credentials in here,’ ” Hanson explained. “It’s redirecting them to a fake website that is having everyone put their banking account information in, and now all of the sudden this federal stimulus check is being sent to a scammer versus your bank account.”
Other instances see fraudsters sending out emails saying they can get victims their stimulus checks faster or asking if they have questions about their checks. The crooks then ask the victims to enter their bank account information and use it to steal the victim’s check.
Fake cures and treatments
Disinformation about cures and treatments for coronavirus and COVID-19 is also ripe for cybercriminals looking for a quick score.
Snake-oil salesmen have been caught touting cures and treatments for the virus, getting victims to purchase such items and never delivering on the goods. Forget about the fact that there is no vaccine or readily available treatment for the virus.
Hanson explains that some cybercriminals are selling phony at-home coronavirus test kits, which also don’t exist yet.
Botnets, malware, and ransomware
Outside of fake cures and stealing stimulus check money, cybercriminals are turning to the tried-and-true method of scamming people via phishing emails.
In these schemes, the fraudster will craft an email to look like it’s from the Centers for Disease Control or a local health authority. The goal is to get victims to click on a link or download a file embedded in the message.
That link or file will then inject a form of malware into a user’s computer that can do a number of different things. A straightforward attack could turn a victim’s computer into a zombie machine that works as a member of a bot army. When an attacker orders a collection of similar machines to visit a specific website en mass, it can take down the site in what’s called a distributed denial-of-service attack.
Such attacks overload a site’s server by requesting information at the same time over and over again, killing the server’s ability to keep up, overwhelming it and ending with the site going offline.
A secondary attack criminals may take is to simply load malware onto a victim’s machine that can steal his or her personal data. That could be their banking information, log-in credentials for websites, and more.
And finally, there are ransomware attacks, which completely lockdown a victim’s machine and demand a ransom payment if the victim wants the keys to unlock their system. This kind of attack has gained in popularity in recent years, and can completely disable a person’s computer for good.
How to fight back
There are a few ways you can prevent falling victim to any of these scams. The biggest preventative step to take is to always be wary of any unsolicited emails, text messages, or social media invitations you receive. Attackers are looking for people who are easy to trick using social engineering, but vigilance is a strong defense against such tactics.
If you receive an email from a friend or family member that asks you to download a file or visit a link and you weren’t expecting one, call the person to confirm he or she actually sent it. Cybercriminals can gain access to your friends’ and family members’ address books and use your contact information to make it look like a fraudulent message is coming from someone you know.
In instances where you’ve sent money to cybercriminal, your best bet is to reach out to law enforcement officials. The FBI has a cybercrime division that you can report scams to, which can help get crime networks shut down.
Ransomware victims should also reach out to the FBI if their systems are locked down. It’s extremely important not to pay such ransoms. Doing so only ends up emboldening cybercriminals and doesn’t guarantee you’ll actually receive a key to unlock your files.
If you follow these steps, you should be able to avoid becoming a victim, or at the very least fight back if you’ve been scammed.
More from Dan:
Got a tip? Email Daniel Howley at email@example.com or firstname.lastname@example.org, and follow him on Twitter at @DanielHowley.