Security Update: Scams taking advantage of COVID-19

For the past few months there has been one thing that has dominated everything else in the news cycle and in our lives. It continues to be important and there are going to be many ways it affects our lives for some time to come. And though it is a pandemic that threatens people's health, technology threats taking advantage of it were quick to follow.

It always pays to be extra careful whose emails you open and clicking links inside emails or opening attachments. What is safer still is to go directly to the source website or company and research whatever issue they are contacting you about from there.

Security Update: Scams taking advantage of COVID-19

Whether you are a business that has been affected, know someone who was a victim of the virus, or have just been impacted because of a lack of ability to work or live your life the way you had, it has affected us all.

Unfortunately, the very fact that everyone has been touched by this virus directly or indirectly makes it the perfect way for hackers to target innocent victims. Already hackers have used the pandemic to try and gain access to individual's private information, install malware on their devices, scam Medicare beneficiaries and much more.

This post specifically discusses scams related to:

  1. Stimulus payments targeting college students
  2. Contact tracing
  3. Excel attachments

People are using the prevalence of COVID-19 in our lives to try and gain access to our user ID's, passwords, and other information we would otherwise not share.

Stimulus payments targeting college students

A recent scam targets college students, who have already had a tough break. Classes quickly turned to online only and any students living in dorms were swiftly told they were not allowed to stay there when the pandemic broke. This forced them to find somewhere else to live and some were not even allowed to collect their personal things.

Now, scams are targeting them by focusing on the economic support generated in response to the pandemic. This phishing scam comes in the form of alleged help from the financial departments at their university. Students are prompted to use their university credentials to log into a site so they can view urgent information about the status of their economic stimulus checks. If students give up this information, it can be used to potentially place malware on their device.

Takeway: Always be cautious of communication directed at helping you when you did not solicit such assistance. This is often the best way to weed out what is real and what is not. Most importantly, find the correct information for the entity claiming to be contacting you and call them directly to see if they did in fact reach out to you. In this example, students could reach out to their university directly and verify this is not legit.

Contact tracing

Contact tracing apps, whose purpose it is to help reduce the spread of the virus by letting people know if they have come in close contact with someone who has tested positive, have been quite controversial. Regardless of your feelings about contact tracing, it is important to be aware of recent scams taking advantage of the contact tracing process, which aims to notify everyone who has come into contact with an infected person so they can be tested.

Much of the communication surrounding contact tracing is delivered via SMS text messaging. These messages alert people and encourage them to call a special hotline set up for this purpose. Unfortunately, there is no centralization of this process and scammers are taking advantage by sending out their own messages in hopes of getting people to click nefarious links. These links are typically a gateway into installing malware on your device or a way to try and gather personal information including user accounts and passwords.

Takeaway: Always be cautious of clicking on links, especially when it is coming from an unknown sender. This applies to messages from any app as well as emails. Lastly, be extra cautious when a message attempts to cause fear, this is to solicit a quick, but possibly dangerous, response from you.

Excel attachments

This week Microsoft warned users of a phishing attack that began circulating on May 12. This attack utilizes emails with a malicious Excel attachment and misguidedly appear to be from the John Hopkins Center, which they are not.

The attachment is touted as showing US deaths caused by COVID-19. Unfortunately, when opened, the user is prompted to enable content and if done, allows a macro inside the document to run. When the macro runs it installs a remote admin tool which can be used to download other malware on the device and can ultimately allow hackers to gain full control of the device.

Takeaway: Everyone needs to be careful opening email attachments, especially hot topic items like ones related to COVID-19.  Again, going to the purported sender to find the information directly is much safer.

In summary, until this pandemic is over and likely long after that, COVID-19 scams will continue to be prevalent. Scams include those pretending to help college students get their disaster relief stimulus checks, taking advantage of the fact that no one entity is controlling the communication for contact tracing, and taking advantage of people wanting access to information like how the virus is spreading and who has been affected by sending out infected excel spreadsheets.

The best things you can do to protect yourself during any time are to:

  • Question incoming solicitations whether they are messages, calls or emails.
  • Use caution when opening emails.
  • Be extremely cautious when clicking links in emails and messaging and opening attachments.
  • Contact the company directly if you think something is off.
  • As always, taking the time to question the information presented to you before acting can save you valuable time and resources that recovering from being hacked would otherwise cost you!