If you’ve been hit with a scam attempt (or a lot of them) in the past few months, you’re not alone. Studies have shown that cybercrime and fraud have spiked significantly during the COVID-19 pandemic, with phishing attacks seeing a whopping 30% increase in the past three weeks alone.
It’s not exactly surprising, since phishing attacks are popular because of how easy and straightforward they are to pull off. All it takes is one person making the mistake of opening your malicious email and presto — you have full access to their messages, contacts and personal data. Tap or click here to see how hackers are targeting Skype users with phishing attacks during COVID-19.
With so many scams making the rounds, knowing the lay of the battlefield is the best way to keep yourself safe. Here are the latest tactics that fraudsters are using to add insult to injury during the COVID-19 pandemic, so you can stay one step ahead.
Cyberattacks on the rise, but is COVID-19 to blame?
According to a new report from security researchers at Check Point, an intense spike in COVID-19-related cyberattacks has occurred in the past three weeks alone. This measurement is based on the fact that Check Point found nearly 20,000 newly registered website domains having to do with the virus, as well as an increase in scam emails and malicious file attachments with “corona” or “COVID-19” in the name.
Check Point’s research shows that these trends evolved over time as well, with domains and phishing attack methods focusing on stimulus payments towards the end of March. These focused on separating people from their incoming stimulus money, or using the overall topic to deceive victims. Tap or click here to see how these scams work.
Now, in early May, you can see in the chart above that scams are trending primarily in the realm of coronavirus cures and post-corona efforts. These include job opportunities, protective gear and other topics related to reopening the economy and getting workers back on their feet. Tap or click here to see when your state should be reopening.
COVID-19 isn’t the reason these scams exist, but it sure gives the worst people on the web an excuse to do harm to innocent people. We’ve got to say, we miss the Nigerian princes already.
WHO is it really?
As we shift into our new normal of remote work and sanitary precaution, scammers are also trying to keep up with current events. Check Point identified several attempts by scammers to impersonate health officials and businesses, such as the World Health Organization and Zoom.
Fake URLs with malicious websites were a common scamming tactic before the pandemic, and in recent months, the practice has become more widespread. Check Point discovered a fake Google Meets domain titled Googelmeets\.com, which was first registered on April 27.
All it would take to fall victim to a scam like this is making an easy typo. That’s why scammers are constantly registering new domains for their plans.
Check Point found that more than 2,500 Zoom-related domains were also registered in the past three weeks, and at least 32 of them were confirmed to be outright malicious. Fake Zoom invitations are an easy way to scam people into ponying up private data, and Zoom’s existing privacy issues might even cause the fakes to be overlooked.
The World Health Organization, on the other hand, is becoming one of the most common disguises scammers are using online. Usually, these emails will be given an alarming subject line with WARNING in the text and will include a file attachment containing “critical information,” like vaccine signups and nearby cases.
Clicking the attachment, of course, installs malware on your system. Do they really think we’re that dumb?
What can I do to stay safe?
As with any phishing campaign, the scheme only works if you fall for it. Fortunately, anyone who’s been paying attention to the news will know just how bogus most of these tactics are when you apply a bit of scrutiny to them.
When reading your emails, keep an eye out for sensational subjects and file attachments. Avoid opening emails from anyone you don’t know, and never download attachments until you confirm why you should with the person or organization that sent it. We recommend reaching out directly, through a real website or by calling, so you’re 100% sure there’s no funny business going on.
In addition, make sure to carefully type and spell domain names when surfing the web, and pay attention to small details on the websites you visit like language use and spelling. Poor grammar and English are often some of the biggest red flags behind scam campaigns.
If you know what to look for, these scammers won’t be able to hurt you. And if you spread this knowledge to the people you care about, you’ll flatten the curve of fraud and cyberattacks.
You’re already taking care of the infectious curve of COVID-19 by staying home. Why not help remove another viral scourge from the internet this time?