As soon as the coronavirus appeared on the news, criminals started launching various scams and cyberattacks. From selling fake vaccines to impersonating healthcare providers, they have already stolen millions from people around the world. What are the typical COVID-19 frauds and how can you protect yourself from them?
COVID-19 scams to look out for
Hackers often impersonate reputable healthcare organizations, government institutions, and public service providers to convince victims to click on a link in an email. Once they do, their devices can be injected with malware and all personal data stolen.
In 2020, when most countries went into lockdown, Google was blocking 18 million phishing emails a day.
The scams intensified as the COVID-19 vaccine rollout progressed. These scams went something like this: You receive an email from your local hospital inviting you to register for a vaccine shot. The email is well-written, so you click on the link and fill out a form only to realize that you have just given away your sensitive information to criminals.
How to identify a phishing scam
- Look for any spelling and grammar mistakes.
- Hover your mouse over the link and examine the URL.
- Inspect the email address and check if it’s legitimate.
- See if there are any suspicious attachments included in the email.
- Evaluate if there’s any sense of urgency pushing you to fill out a form or click on a link
Smishing is similar to phishing, but, instead of a fake email, you receive a text message. Since we regularly receive texts from various services, you might not get suspicious when your alleged healthcare provider contacts you.
If that message contains a link, it’s best not to click on it, no matter how convincing everything may appear. Otherwise, hackers can install malware on your phone, monitor your online activities, or steal your passwords and credit card information.
Estimates say that, during the first year of the pandemic, Americans lost around $30 million to text and phone call scams. Unfortunately, these numbers are growing every day.
How to identify a smishing scam
- The text message contains a suspicious link.
- There’s a sense of urgency.
- You’re asked to provide your personal data or verify your identity.
- Grammar and spelling mistakes.
According to cybersecurity experts, wrongdoers are creating thousands of fake websites and online pharmacies daily. While law enforcement agencies around the world are trying to fight this, new counterfeits are springing up like mushrooms after the rain. Some criminals impersonate government organizations and trick Internet users into revealing their data, while others go even further and sell fake COVID-19 vaccines.
How do people end up on those websites? It might be an ad or a pop-up you accidentally clicked, a malicious email or an SMS, and even a fraudulent website indexed by Google.
However, sometimes you can get tricked even on well-known online shopping platforms. Reports confirm that scammers have been selling fake vaccination cards on websites like eBay, Shopify, and Etsy. Apparently, there are many people interested in counterfeiting immunity, and fraudsters are using this naivete.
Things to remember
- Nobody can legally sell COVID-19 vaccines online.
- Nobody will ask you to enter your Social Security number, credit card details, passwords, or any other highly sensitive data.
- Nobody will ask you to pay for your vaccine shot.
How to identify imposter scams
- Check the domain name and never enter your details if a site starts with “http” instead of “https” (“s” stands for “secure”).
- Look for contact information and check whether it’s legitimate.
- If ads and pop-ups start chasing you on the website, leave immediately.
- Look out for poor grammar and bad design.
Since the beginning of the pandemic, hospitals and healthcare institutions have been constantly under siege. It takes one careless employee to click on a malicious link, insert an infected USB, or log in to the system with compromised credentials to affect the whole facility and have its data held to ransom.
Law enforcement agencies discourage health organizations from paying hackers, as you can never be sure if they will decrypt your files after getting paid.
How to identify ransomware
- Carefully inspect every link in the email, even from your employer.
- Avoid using the same USB at home and at work, or at least scan it every time you use it.
4 tips to enhance your online security
Take everything with a grain of salt. Nothing can serve you better than being careful with every email, SMS, or call you to receive. Always double-check the information on official government websites, and never reveal your personal details.
Use strong passwords. We recommend using lower-case and upper-case letters along with numbers and special characters to create complex passwords. Every password has to be unique. If hackers steal your credentials that fit a whole bunch of other accounts you use, this could cost you a lot. Having to deal with only one compromised account, on the other hand, is the lesser of two evils.
Be careful with fake apps. There are a handful of malicious contact tracing apps that could leave you with malware and monitor everything you do online. Download apps only from official stores and always check if they’re approved by your local government.
Get yourself a VPN. A virtual private network encrypts your internet traffic and masks your IP address, thus enhancing your security and privacy. If you often connect to public Wi-Fi, having a VPN enabled on your device is a must.
A leading VPN in the industry, NordVPN, has more than 5,400 servers in 59 countries, providing users with top speeds. With one NordVPN account, you can protect up to six devices to cover all your laptops, smartphones, or tablets. You can even install the NordVPN app on your router and protect every device connected to the internet in your household. This allows you to enhance the security of the less tech-savvy family members or children browsing online.
A VPN also helps you to securely access your company’s resources when working remotely. Since a lot of employees nowadays use their personal devices for work, it’s important to make sure that somebody keeps an eye on their online activities.
In these uncertain times, it’s better to be proactive and take additional precautions rather than wait for an incident to happen. COVID-19 scams are constantly evolving, but, with the right tools and some common sense, you can stay one step ahead of wrongdoers.