Since COVID-19 hit the headlines, we’ve covered a selection of coronavirus-related scams, phishing attacks and malware campaigns in which crooks have adapted existing sextortion emails, mobile malware and password stealing tricks to exploit people’s fear and uncertainty.
And measurements from SophosLabs show that the ones we’ve published as specific examples are just a few of many cyberscams that refer to “corona” or “covid-19”.
To help you stay on top of it all, SophosLabs plus our data science and threat response teams have created a “living article” where you can quickly access regularly updated information about the expanding “cybercorona” threat, including:
- An industry discussion channel of the latest threat intelligence.
- A GitHub repository of indicators of compromise (IoCs).
- Updated statistics on the volume of pandemic-related cybercriminality.
What to do?
Remember that not every cybercriminal is jumping on the coronavirus scamming wagon – in fact, we’re willing to bet that there are crooks focusing on crimes such as stealing PayPal accounts and hitting you with fake technical support calls who are rubbing their hands in glee right now.
Their glee comes from the prospect of people getting so distracted by the much more visible and widely-reported pandemic scams that they no longer have enough time to be vigilant against all the other scams that have been joined by the new-look attacks.
(The old-school scammers and the “new tricks” crooks are often the same people, of course, burning the cybercriminal candle at both ends, as it were.)
So the bad news is that you have to watch out for a plethora of new coronavirus cyberscams, as well as all the old stuff, too.
That’s where our “living report” article comes in handy, so you don’t have to spend ages hunting down the latest coronaclasms yourself!
Four quick tips:
- Don’t log in to company websites via emails or texts. If a company wants or needs you to log in to your account, you should already know how to access your account from the company’s own site or app. Even if it takes a few more clicks, it’s time well saved because you will automatically miss out on “logins” that could compromise your security.
- Don’t make payments via links in emails or texts. This is point 1 in a different guise. If you need to pay a company online, reach the payment page by following your own research, or using a link from a document you already have such as a contract or a recent bill. Don’t get begged, cajoled or frightened into taking exactly the “short cut” the crooks want.
- Don’t turn off security features because a document tells you to. Avoid opening unexpected or unsolicited email attachments if you can (and if you do, don’t click links in those documents – see 1 and 2). If a document asks you to [Enable content] when you open it, or make some other security downgrade, don’t do it – it’s a trick.
- Don’t trust apps because the app creator tells you to. App reviews, positive app comments and high download counts are cheap to buy if you have no scruples. Reputation must be earned – it can’t be bought or self-declared. If in doubt, ask someone you know and trust for advice.
Thanks for the tips. Here is a series of text messages I received on my USA phone number, and I immediately figured it is a scam.
1 of 3
FRM:Verification’s on #WF
SUBJ:Urgent Vferification of your account.X’9
MSG:#Verification:
(Con’t) 2 of 3
http COLON SLASH SLASH [REDACTED] : urgent Verification of your informations with us! Thank you .
(Con’t) 3 of 3
[RANDOM-LOOKING ALPHABETIC LETTER STRING REDACTED](End)
“Wordo” error?
Shouldn’t your >>> It’s not like cybercriminals to take advantage of a world event… <<>> It’s not UNlike cybercriminals to take advantage of a world event… <<<
Otherwise bravo – as always!!
It was meant to be read ironically…
…but just to be on the safe side, I removed that bit.
I’m seeing lots of panic about the house party app – do you have info?
https://nakedsecurity.sophos.com/2020/03/30/no-houseparty-hasnt-hacked-your-phone-and-stolen-your-bank-details/
HtH.
We’re seeing literally hundreds of hack attempts on every facet of WordPress each day. We don’t use the stuff, so it doesn’t bother me, but anyone who does had better make sure his installation is patched up to date.