More threads by David Baxter PhD

David Baxter PhD

Late Founder
Coronavirus COVID-19 Phishing, Scams, Frauds, and Schemes
by Anand Khans,
March 26, 2020

Over the last few days, the coronavirus COVID-19 panic among people has resulted in the rise of fake news and misinformation spreading on social media platforms. Thankfully, apps like WhatsApp and Instagram are already preventing the flow of misinformation, courtesy of initiatives in partnership with the World Health Organization (WHO).

Sadly, the panic has resulted in a breeding ground for COVID-19 Internet scams, cybersecurity threats, and malicious activities. Over the last several days, we have covered numerous coronavirus-themed phishing scams and malware activities taking place all across the globe.

Coronavirus COVID-19 scams
In this article, we have compiled a list of some of the worst coronavirus-themed online scams and cybersecurity threats affecting users.

  1. Work-from-home job listing and money laundering scam
  2. Free Netflix subscription scam
  3. Bogus coronavirus antivirus scam
  4. Coronavirus ransomware & sextortion scam
  5. Fake COVID-19 tracking website
  6. Fake apps
  7. 'Coronavirus prevention seminar' scam
  8. Coronavirus medical supply scam
  9. Bogus coronavirus vaccine website.
1] Work-from-home job listing & money laundering scam
With offices temporarily shut down since the coronavirus outbreak, millions of people are forced to work remotely from their homes. Now, hackers seem to be targeting those who were unable to resort to working remotely and are still looking for a job on the Internet – trying to trap them into money laundering schemes.

Scammers, under the name of the Vasty Health Care Foundation, are hiring online customer service representatives in the pretext of helping coronavirus victims. The money most likely stolen from someone's bank account would be credited in the job seeker's bank account, who would ultimately launder it into cryptocurrency. In this scam, you may not be a victim in this scam per se. But you are helping out a criminal, which is equally immoral and detrimental.

2] Free Netflix subscription spam
A spam message promising to offer free Netflix subscription during the coronavirus outbreak is spreading via social media and IM apps. Although there are many websites out there that are providing users with complimentary, unrestricted access to premium offerings, to encourage social distancing, Netflix isn't one of them.

Users are asked to register at Stay away from it!

Scammers also ask victims to share the message with 10 friends to avail the free Netflix pass during the home quarantine. It simply maximizes the reach of spam, which is likely to affect more users. Read: How to Avoid Phishing Scams.

3] Bogus coronavirus antivirus scam
Cybercriminals are trying to trick users into installing Remote Access Trojan (RAT) and other data-stealing malware in the pretext of offering coronavirus antivirus. Malwarebytes found a website antivirus-covid19[.]site that promises to protect users against the actual COVID-19 virus. Upon installing this bogus 'antivirus' application, your computer will be infected with malware. This is the extent to which hackers are cashing in on the coronavirus scare.

A distribution of Coronavirus-themed malware is on the rise these days. Recently, we discussed an incident where hackers were caught using coronavirus scare to target e-mail addresses and install different RAT malware using malicious email attachments. Just to be on the safe side, you are recommended to follow these malware prevention tips.

4] Coronavirus ransomware & sextortion scam
Ransomware attackers are finding ways to benefit from the ongoing coronavirus scare. Recently, a malware application disguised as a coronavirus tracking app triggered a ransomware attack on the victim's smartphone.

Bad to worse, we have also seen attackers also threatening to leak the victim's private photos and videos if he or she victim refuses to pay money. In good news, preventing human-operated ransomware attacks is possible. Meanwhile, you can download this e-book to defend yourself and your company against ransomware attacks.

5] Fake apps
In some cases, hackers are hijacking router DNS settings and redirecting victims to malicious websites promoting apps from reputed organisations like WHO, etc. These sites then push malicious coronavirus related apps.

Install genuine apps only from the official Microsoft, Android or Apple Stores.

6] Fake COVID-19 tracking website
There are some genuine coronavirus COVID-19 tracking websites. However, users often seem confused about which website to trust. As a result, fake coronavirus tracking services have become extremely common these days. These untrusted apps and websites often lock users out of their devices and hold their data to ransom.

7] 'Coronavirus prevention seminar' phishing scam
Healthcare workers are working under extreme pressure since the coronavirus outbreak. Unfortunately, attackers are even trying to trick healthcare workers into falling for scams. Recently, attackers were caught persuading healthcare workers into taking a free, coronavirus-prevention seminar. In reality, this so-called 'coronavirus prevention seminar' is nothing but a phishing scam, which starts with a fake email. The email comprises a link to a webpage that looks like an Outlook Web app and urges users to enter their login credentials. Upon entering their username/email and password, users will have their login credentials compromised in no time.

Microsoft is already been cracking down on such coronavirus-themed phishing campaigns. However, you need to be careful extra careful about such phishing attacks.

8] Coronavirus medical supply scam
Goes without saying, the ongoing coronavirus outbreak is affecting users across the globe. As a result, there may be a medical supply shortage in the wake of the outbreak and hackers are already exploiting the situation to their advantage.

Some dubious websites offering unbelievable discounts have been set up, accepting payments via PayPal and Bitcoin. These are completely fake websites run by scammers whose only purpose is to dupe their victims by intentionally failing to process their orders upon receiving the payment.

9] Bogus COVID-19 vaccine website
The US Department of Justice (DOJ) is warning users against websites promising to ship free coronavirus from the World Health Organization (WHO). All you need to do is pay $4.95 to cover shipping costs. It's nothing but a scam you should stay away from. However, there are no legitimate COVID-19 vaccines currently available and the WHO is not distributing any such vaccine.

The main cause behind these scams and attacks is the misinformation about the outbreak. If you come across any such scam online, make sure to report it to relevant authorities.
Replying is not possible. This forum is only available as an archive.