Jason Glassberg is a co-founder of Casaba Security, a cybersecurity and ethical hacking firm that advises cryptocurrency businesses, traditional financial institutions, technology companies and Fortune 500s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.
Cybercriminals and other scammers are losing no time in exploiting the current public health scare about coronavirus.
The World Health Organization (WHO), Federal Trade Commission (FTC), Securities and Exchange Commission (SEC) and the Better Business Bureau have all issued warnings in recent weeks about the uptick in criminal scams tied to the coronavirus.
Even some foreign governments are suspected of being involved.
As the virus continues to spread globally and throughout the U.S., the instances of these scams will increase. And the average person will become more susceptible to the fear-mongering and manipulation tactics used by these criminals.
There are a lot of ways for hackers, scammers, and organized groups to exploit our fears in order to steal money and personal information, compromise businesses, and even disrupt the upcoming election.
Here are six scams to be aware of:
Spoofing government and health care organizations
Hackers are already impersonating the UN’s health agency in an effort to carry out a variety of scams, from account takeovers to phony donation requests and the spread of malware. The FTC is also warning of “spoofed” emails, text messages, and phone calls that claim to be from the Centers for Disease Control (CDC).
Consumers can expect to see a wide range of coronavirus-related “phishing” (fake email), “smishing” (text message phishing), and “vishing” (phone fraud) scams over the coming weeks and months. These scams will prey on our insecurities about how and where the virus is spreading, and they could take several forms — such as fake health agency warnings about infections in your local area, vaccine and treatment offers, medical test results, health insurance cancellation, alerts about critical supply shortages, and more.
These messages can be highly convincing because criminals frequently use professional “phishing kits” that perfectly match the logos and email formats of legitimate organizations. Hackers will also use tactics like “combosquatting” and “typosquatting” to create fake URLs that are easy to fall for.
The authenticity of text messages and caller ID are also difficult to verify. Criminals will frequently combine these methods into a single attack, so that a person will get both a phone call and an email, or an email and a text message, etc., which makes it more likely they will fall for it.
Scammers will also set up fake coronavirus-related websites that offer “cures” (both natural and pharmaceutical), vaccines, testing kits, and prophylactic items in short supply such as face masks.
They may also offer other popular and in-demand items at an extremely low price.
These phony websites will try to steal your money and card information, and they could also infect you with malware. However, it could also be worse. Some of these sites could put your health at risk by sending you products that are substandard in quality (used, damaged or expired) or outright dangerous — as in the case of the “Miracle Mineral Solution” and other sodium chlorite treatments that are being marketed online as cures to the coronavirus.
Seller and buyer scams
Similarly, scammers and unethical sellers could also take advantage of widely used platforms such as Amazon, Walmart, AliExpress, Overstock, Newegg, OfferUp, etc. to gauge consumers.
Third-party sellers on these platforms may market tainted, damaged, used, expired and otherwise unsafe products that are in high demand because of the coronavirus. They may also offer bogus rebates and return policies which they have no intention of honoring, thus leaving consumers holding the bag.
Fake sellers may also infiltrate online forums, Facebook groups, and other informal marketplaces where they can directly con consumers by collecting payments but never shipping any products.
Those who sell products online should also be wary of scams that could target them through payment apps like Venmo and Zelle. The most common is the canceled payment scam, in which the fraudster buys your product, pays for it through the app, but then cancels the payment before it’s actually processed — which is usually days later, and after you’ve already shipped the product.
This scam is particularly likely now, when consumers are eager to get coronavirus-related goods shipped to them ASAP. Criminals could also use stolen credit cards to buy coronavirus products which they then turn around and resell to other buyers. Because the card is stolen, the cost of the transaction will eventually be charged back to the seller.
Social media scams
Aside from the risk of misinformation, which we’ll get to in a minute, social media users need to be wary of two specific scams that are likely to play off of the current coronavirus situation.
The first category is fake fundraising — either for a supposed victim of coronavirus or a charity group claiming to serve these victims. These calls-to-action can be very convincing, particularly since they may use the stories and images of real people and they often utilize legitimate fundraising platforms like GoFundMe to collect the donations.
The AARP provides a helpful guide on how to weed out fake charities, and it’s worth taking a look. Of course, it's important to bear in mind that there are likely to be many real fundraising drives during the coronavirus epidemic so don't assume every one is a fake — but be sure to check for red flags like grammar and spelling mistakes, reused images (taken from news stories or social media), unknown charities, or high-pressure sales tactics geared toward larger donations.
The second threat to watch out for is coronavirus-related investment scams. As the SEC recently warned, criminals will use social media to promote microcap stocks which they claim have a product or service that can help prevent or treat coronavirus. These are pump-and-dump scams that could cost investors dearly.
Public crises are often rife with misinformation, and we’re already seeing a lot of this with the coronavirus.
While much of the misinformation may be unintentional, it can also be used by unethical blogs and pseudo-news sites to drive up their page views, as well as by scammers to promote certain goods (like “cures” and therapies) and “can't lose” investments.
The media watchdog group NewsGuard launched a coronavirus misinformation tracking center and recently put together this list of the worst offenders.
Coronavirus misinformation and conspiracy theories can also be weaponized by malicious groups and foreign actors in order to trigger a public panic, sow divisions among Americans, and increase their skepticism of U.S. government agencies, public figures, and political parties.
WhatsApp, Twitter, Facebook, and other popular platforms have all faced a surge in conspiracy theory peddling, and tech companies are having a difficult time stopping it.
It’s probably one of the last things many people would think about with the coronavirus, but the rising panic could also have an impact on the upcoming election.
The U.S. State Department has already identified two million tweets that are pushing conspiracy theories, with many of these showing evidence of “inauthentic or coordinated activity,” which suggest foreign government involvement.
A foreign power like Russia could use its considerable social media bots to push disinformation about local infection rates, the risk of transmission, incidents at or near polling stations, or fake alerts from public agencies. There are any number of ways Russia could exploit these fears in order to depress voter turnout and increase anger toward elected officials.
As the coronavirus spreads and more communities are affected, it is important for people to keep their wits about them and not fall for the many scams that are likely to proliferate. The best sources of accurate information on coronavirus are the CDC and WHO, so refer to them and not the sensationalistic stories circulated on social media.
Don’t provide information in unsolicited phone calls, emails, or texts. Don’t click on links or download attachments from any of these messages. Don’t buy items from unfamiliar sites or apps. Always use a credit card when making online transactions, as this will protect you better than a debit card.