Since COVID-19 has taken hold of the world, hackers have taken the opportunity to profit from this. In our April 10th blog, we wrote about some scams to watch out for, including fake websites and malicious aps. Here are a few more recent ones to beware of.
The Register published a story on April 15th about another COVID-19 related phishing scam making the rounds. The scam revolves around fears consumers have of not being able to get a refund for flights they might have cancelled due to COVID-19. The phishing email contains a fake flight refund form. Targets are encouraged to enter their names and credit card details. When the targets hits send, instead of sending those details to an airline, the personal and financial data is sent directly to cyber criminals. If you are expecting a refund from an airline or other travel service, always ensure that the email has legitimately come from the company. Better yet, call the company directly and ensure you are speaking with a legitimate agent for the company before giving over any personal information.
Another phishing scam directed at Americans, claims to be sent from the White House. Trip Wire describes this scam in their blog: “digital fraudsters informed recipients that the IRS and the U.S. Department of the Treasury had decided to push Tax Day off until August 15, 2020. They then instructed users and businesses alike to click on a link in order to view the President’s updated guidelines on the coronavirus.” When users click on the link, they are directed to a website that uses the exact same HTML and CSS code as the White House’s official COVID-19 informational website. Once a user clicks the site’s “Download and read full document” button, it brings up a Microsoft Office document that uses malicious macros to load malware onto the user’s computer.
Bitdefender has also reported about a phishing scam that claims to come from the Turish Hospital and Laboratory. In this email, supposedly sent by a lab tech at the hospital, a claim is made that one of your staff members has been infected with COVID-19. The reader is urged to click on an attached image of the alleged sick staff member. The .IMG file that was sent is actually a mounted DVD, revealing an executable file which will download malware onto the user’s computer. A copy of the email is on the bitdefender site, and the spelling and grammatical errors in this email should be a dead give away that it is malicious.
Trip Wire is also warning users about a Facebook scam that is targeting senior Americans. The BBB (Better Business Bureau) Scam Tracker mentions a Facebook post targeting seniors which tells them they can receive emergency medical funds through the “U.S. Emergency Grants Federation.” When someone clicks on the link, they are invited to apply for the funding by providing their Social Security Number. Of course, no such organization exists and the seniors that have given up this information have not received any funds. The BBB Scam Tracker advises that government agencies do not communicate through social media avenues like Facebook and to be wary of unsolicited messages.
As always, if something seems to good to be true, it probably is. If you need support during this time, please contact us. Uzado is here to help.