By Tracey Dowdy
Seasons like the one we’re currently living in bring out the best in some and the worst in others.
It’s nothing new for scammers to get creative during a national emergency – we’ve seen it happen time and again – and a global pandemic like COVID-19 is no exception.
A recent release from the US Cybersecurity and Infrastructure Security Agency offers great advice on how to avoid being scammed.
Any time an unsolicited email prompting you to click on an attachment hits your inbox it should raise a red flag. CISA recommends disabling automatic downloads for attachments. The problem is that not all email clients offer this, and each is different from another. Scammers know that in times like these, by pulling on your heartstrings or using language that increases your anxiety, you’re more likely to share sensitive or personal information, so they recommended taking the time to read Avoiding Social Engineering and Phishing Attacks. Most importantly, never ever reveal personal or financial information in an email or respond to requests for it via email or text. It’s also smart to ensure any charity or cause you choose to donate to is legitimate. Sites like Charity Navigator, guidestar.org, and give.org can help you vet the charity before handing over and money
If you’re tracking COVID-19 news and information through an app, be aware that there are malware traps out there. Recently, a malicious Android app called CovidLock that purported to help users chart the spread of the virus instead locked and held many Android phones for ransom by hackers. DomainTools researcher Tarik Saleh states, “This Android ransomware application, previously unseen in the wild, has been titled ‘CovidLock’ because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.”
Hackers have been using coronavirus-tracking map sites to inject malware into browsers and Market Watch reported that coronavirus-related website name registrations are 50% more likely to be from malicious actors. The best way to avoid this is by setting a password that can help protect you from a lock-out attack. And when it comes to choosing an app, shop the Google Play store so you’re less likely to download a malware-laced app.
Beware Facebook Charity Groups
It goes without saying, but there’s volumes of misinformation, fake cures, pseudo-science, and conspiracy theories being shared on social media, doing far more harm than good. Trust what the CDC says, not a theory posted by a guy you knew in high school who heard it from a friend of a friend who knows someone that talked to a guy working behind the scenes who can’t reveal his source. By clicking the “about” section of a Facebook group, you can see whether that group has changed its name multiple times to reflect new national crises — a sure sign that the group is trawling for an audience rather than promoting reliable news.
Here’s how to sift through the trash to find the treasure:
- Trust only official sources on Twitter and Facebook including the accounts of trusted news sites and their reporters. Avoid talking heads or people presenting opinion and theory as opposed to facts.
- Before you click on a website that purports to be an official government site, check the URL to see if it ends in .gov.
CISA’s has an official tip sheet to help you avoid being scammed during this challenging season.
Tracey Dowdy is a freelance writer based just outside Washington DC. After years working for non-profits and charities, she now freelances, edits and researches on subjects ranging from family and education to history and trends in technology. Follow Tracey on Twitter.