How scams taking advantage of COVID-19 work
Coronavirus scams are spreading through the use of some familiar techniques. The current situation, however, finds more people than ever in a vulnerable situation as countless numbers are actively trying to find out more information related to the Covid-19 virus, or trying to buy supplies or protective materials.
These coronavirus scams may be sitting in your email inbox or on your social networks. They can also target you in the form of text messages that include a link. Often, these scams will look pretty official. Their message may promise important information, offer protective products or ask for a donation to help good causes. Fake shops From what we can see, fake shops are the most common scam variant, selling discounted medical equipment, like face masks or sanitizer. Some are even claiming to sell treatments or self COVID-19 tests. Same shop, different goods Anyone can set up a shop online under almost any name, including scammers. Some online sellers falsely claim to have in-demand products, like cleaning, household, and health and medical supplies. But when you place an order, you never receive the goods.
Be aware of suspicious offers on unknown online stores. Always research the seller by searching for the person or the company’s name, phone number and email address, online, including words like “review,” “complaint” or “scam.” If no red flags appear in your research, you should still be cautious and pay using a credit card or Paypal, and keep a record of your transaction.
The following example shows a simple web design used for many different scams, which were essentially the same shop with different product portfolios. A critical red flag is that none of these sites include any contact information to reach the alleged sellers.
An almost empty Whois domain lookup shows that the domain name is only eight days old. By discovering the site’s IP address NOE we have found more than two thousand domains, many of them with the same purpose.
If you or someone you know has been infected with the coronavirus, you’ll likely try to find as much information as possible regarding potential treatments. Sadly, this may lead you to run into another pile of exploitive scams. Websites often offer “medications” that can supposedly prevent one from getting sick or miraculously help an infected person to recover. This ‘cure’ can take the form of pills, drinks, powders, and more.
World Health Organization’s name exploited
Scammers are also including “World Health Organization (WHO)” in their fraudulent schemes. Most scams including references to WHO are circulating as emails, but there are also rogue websites, as well as text messages. Many of these scams request detailed information and/or money from individuals, businesses, or non-profit organizations with the promise that they will receive funds or other benefits in return.
Others ask for donations to support the treatment of sick patients or registration fees for conferences allegedly sponsored by WHO. Another type of scam proposes employment opportunities with WHO. These scams try to be more convincing by including the WHO logo, and originate from or refer to email addresses made to look like the message came from WHO or the United Nations.
Many different types of emails are being reported on social networking sites:
Not just emails, but text messages too
Scammers are also targeting victims by sending out text messages (SMSes) appearing to be sent from a legitimate company. These messages typically include a link taking the potential victim to a site that may look real, but in reality is just a simple web page designed to gather personal information like credit card details, login credentials, and even home addresses.
If you receive an unexpected message that includes a link, typically in the form of a URL shortener, likebit.ly or similar, don’t open it.. If you do click on it, do not click on anything on the website and just close the page. The following example shows an attacker trying to get people to click on a link included in a fraudulent message:
By analyzing the IP address of the links sent in these messages, we discovered more suspicious domain names that can give us insight into the size of the entire campaign.
Suspicious links in scam text messages will bring you to, you guessed it, a suspicious web page. In the case illustrated below, we are seeing a web page that looks like a brand new page relating to the coronavirus. However, analysis reveals this page was getting web traffic back in summer 2019. This clearly shows how cybercriminals trying to exploit the current coronavirus public health scare by reworking older scam sites.
In times of health pandemics, it is critical to remain well informed about current health and government guidelines. However, it is vital that you always remain vigilant to potential fraudulent information and messages, whether they come from websites, emails, text messages, social media or any other digital platform.
Stay informed, but stay safe.