Coronavirus Themed Scams and Lies You Should Know 0 60

Scams demanding bitcoin on pain of infecting you with the coronavirus gain their fair share of shine among schemes with a thin veneer of plausibility

In our previous posts, we have talked much about how scammers and spammers are taking advantage of the current fear and confusion brought about by the COVID-19 pandemic to rip off unsuspecting victims. 

However, several ransomware gangs have now resorted to alternative tricks to stay afloat as folks are catching up with them. As an example, some of them are faking conscience by publicly announcing that they will avoid targeting healthcare providers within this pandemic period.

In the same vein, the heightened interest and round the clock bulletin of the pandemic across the globe isn’t making things better. Even the most slothful and unimaginative wannabe cybercriminals have been awakened, and now repackaging other’s or own shysterism and scams in COVID-19 wrappers. 

In this post, we provide you a few more Coronavirus associated scams that might come your way. Let’s dive in!

Blackmail threats

The use of blackmail in an attempt to coerce innocent victims to cough up some money isn’t something new among online fraudsters. Our sextortion scams post shows how a scammer can threaten you with “dire” consequences if you don’t pony up some specified amount of money (mostly in the form of bitcoins) to a provided address—for instance, leaking out a video of you watching porn to your list of contacts. 

Now, what happens when a global pandemic such as the COVID-19 disease strays into a sextortionist scope?

 The example below, perhaps?

Figure 1. Sextortion scam threatening embarrassment plus coronavirus infection for nonpayment

As we can see from the example, the threat goes beyond your typical sextortionist’s threat; it incorporates something current (COVID-19 pandemic).

However, in an amateurish way as it can’t convince a sensible soul. For instance, how the heck are they going to infect your family with the Coronavirus? Simply unrealistic, right?

Another interesting thing about the email is the tactical pairing of passwords gotten from publicly leaked account compromises so as to appear authentic.

Better still, the fraudsters have randomly replaced some of the characters in the message with Unicode homoglyphs (similar characters).

The second figure below highlights the replacements to show you how the scammers carefully selected the homoglyphs in order to convince you.

Figure 2. The same message with Unicode homoglyph replacements highlighted

If you ever receive such a scam mail threatening to infect you and your family with the virus, don’t even give it a second thought.

Those behind it are a bunch of clueless scumbags who don’t even have a clue regarding where to obtain appropriate COVID-19 samples, leave alone how to weaponize and deliver them. 

Plain dumb scams

Just like the previous illogical email, you may also be surprised to get an even dumber version.

For example, take a look at the following mail:

Figure 3. “I hate you, give me money” extortion scam

Not only were the composers lazy but also dumb or ignorant. As an example, how is the threat going to be carried out? 

Will the supposedly infected neighbor sneak out of their home in the dead of the night and cough on your exterior door handles or letterbox?

This is an example of some of the weirdest emails you may probably get from some low-life, dumb, lazy, or ignorant scumbags who don’t even have an idea about their kind of trade. 

For instance, the message doesn’t even state the required amount of money, due date, or any other conditions whatsoever.

Probably, the person behind such a scam is betting on a handful of scared recipients who will voluntarily give in to their demands.

Final thoughts

A closer check at the provided bitcoin addresses in the examples alongside others in similar online scams (by our team) indicates that neither of them had received any substantial payments. For example, one of them had transacted a single bitcoin payment whose amount equated to a measly US$0.04.

This shows how not so well thought out scams can be; however, they have the potential of spreading more fear and worry, especially at this particular time of heightened concern, which can cause more damage.

Therefore, instantly delete such emails or similar ones in case they hit your inbox. Otherwise, if you need more advice regarding this type of scams, among other consultations, then ESET has been here for you for over 30 years. We want to assure you that we will be here in order to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-day trial for free.

Previous Article

How To Improve Communication Security with MFA 0 354

Person working on two factor authentication

Remote work can be much safer with the basic cyber-hygiene practices in place – multi-factor authentication is one of them

If you are working from home due to the coronavirus pandemic, it is essential to integrate two-factor authentication (2FA) or multi-factor authentication in your daily login routine. That way, you can beat fraudsters at their own game, since the security of your essentials isn’t wholly dependent on passwords alone.

The interesting bit with this technology is that you may have already seen it in action; for instance, when requesting access to your bank account via your smartphone. In this case, you must enter the one-time code sent to you in addition to your password to gain access.

See, enabling such double authentication processes on all your logins can make it difficult for scammers to access your accounts even if they compromise your passwords.

That said, you may now want to know which MFA option to use? Well, we take a look at some of the ways you can utilize MFA to bolster the security of your connections when working remotely.

  1. First, the use of a physical token

To implement this technique, you will require a physical device such as a security USB key, a key fob, or a similar item that will generate a secure code for verification purposes.

You’ll mostly be required to integrate this method if you need access to your cloud-based applications, online office applications, or corporate office technology. The YubiKey or Thetis is an example of such a device that you can purchase with less than US$50.

For convenience purposes, most of these devices are designed tiny; you can carry them in your pant pocket or hang them on a keychain for safety purposes. 

2. Use of a mobile phone

Most likely, you own a smartphone, right?

If yes, you can use it to boost your MFA security capabilities. For instance, you can download an authentication app such as Google Authenticator, ESET Secure Authentication, or Authy for your use.

The only caveat here is to ensure your source has a reputable security background. This is informed by the fact that the app is going to reside inside your smartphone, which is also vulnerable to security threats; therefore, robust security is required to avoid pre-emptying your security efforts.

Importantly, be on the lookout for spam messages when using your phone as they can trick you into compromising your accounts.

Fortunately, if you download applications from reputable sources, you can be offered a solution in case you have an issue with the platform itself.

3. Use of Biometrics

Factually, no single human being shares a fingerprint or retinal scan with another. This unique feature has been conveniently utilized overtime to provide robust multi-factor Authentication. 

You can also utilize the same to secure your connections.  For instance, you can take a picture of your face or scan your fingerprint using a biometric reader – currently, a common feature in smartphones or other devices ─, and then integrate it in your login procedure. These will prevent any other user from accessing your accounts or private information.

On the flip side, some folks feel that the technique is somehow creepy; therefore, give it a wide bath. Besides, it can present a challenge when you need to reset your bio features if your service provider is hacked.

Final thoughts

When scouting for a suitable MFA option for your needs, it is vital to consider one that can easily fit your routine. This stems from the fact that without proper utilization, an MFA option can’t protect you.

Similarly, an MFA technique can allow some side benefits as well. For instance, in the event of a security breach, you will be notified that your password has been interfered with; this can enable you to implement mitigation measures. Not only that, but you also get protected from the would-be attack since the fraudsters wouldn’t have access to your other factors.

In case you require a secure authentication application or consultation regarding MFA options, then ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software. 

Try our extended 90-days trial for free.

3 Ways Scammers Are exploiting Coronavirus Fears 1 260

Types of Scams

From malware-laden emails to fake donations, these are some of the most common cons you should watch out for amid this public health crisis

It’s beyond reasonable doubt that the COVID-19 disease has transformed itself into a pandemic that has thrown the world into a tailspin. Panic is palpable than ever before, and as a result, has led to market closures, travel bans, lockdowns, and panic buying.

Unfortunately, cybercriminals are taking advantage of this chaotic situation to defraud the vulnerable. With more than 60,000 deaths witnessed across the globe due to the virus, fraudsters are finding an opportune moment for launching their fraudulent campaigns, usually disguised as humanitarian interventions.

Therefore, the big question is, how do you sniff potential scammers a mile away? Fret not, in this post, we share some of the common despicable tactics (as identified by the ESET research team) that are currently being used by scammers to defraud innocent souls.

  1. Malicious News

To appear as convincing as possible, the current retinue of scammers have resorted to impersonating authoritative sources, especially those concerned with disseminating news regarding the virus. Such include the world health organization (WHO) among many other firms.

As such, they will send you emails purporting to come from these sources that contain “vital information” regarding the disease to hoodwink you into clicking on their malicious links. Usually, such links may steal your personal information, install malware on your machine, or try to capture your password and login credentials.

Nevertheless, the good thing is that most of these organizations are aware of such fraudulent activities. And in a bid to end them, have come to the open regarding the issue. For instance, the WHO, on its website, offers advice on how it communicates and also elaborates on what to expect from their official emails.

As an example, one of the significant points reads:

“Make sure the sender has an email address such as ‘person@who.int’. If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO. WHO does not send emails from addresses ending in ‘@who.com’, ‘@who.org,’ or ‘@who-safety.org,’ for example.”

What’s more, the organization advises that all its web content starts with https://www.who.int/ only, no other domain is used.  Therefore, be sure to check on the URL of the email sent to you before clicking on it. If in doubt, input the address directly onto your browser to get the results. Most importantly, the WHO cannot start sending you emails without your subscription or prompt. 

On the other hand, if you wanted the real news regarding the pandemic, you can visit the dedicated WHO site or head to your national health care institution’s website. For instance, the National Health Service if you are a United Kingdom resident or Center for Disease Control and Prevention if you live in the US.

Alternatively, you can get real information from your usual trusted sources, but not from unsolicited emails.

In another case (as shown in the image below), the fraudsters are trying to impersonate the wall street journal by establishing a visually similar site (phishing site).

From the image, you can notice that the URL starts with ‘worldstreet’ while the wording on the webpage indicates ‘world street,’ which is a red flag.

By creating such a site, they trick people into believing that they are the real wall street journal, therefore gain some revenue from the advertisements placed there. Though the site may not track your credentials, the money generated goes to the wrong hands.

2. Appeal for donation

In another attempt to outsmart the would-be victims, cybercriminals are now packaging themselves as “genuine souls” out there to help in the war against the virus.  For instance, in a recent scam, fraudsters were attempting to persuade their audience to contribute towards the development of a vaccine for children in China.

An interesting fact about this example is that the perpetrators are riding on the popularity of an existing campaign by re-purposing its content with Coronavirus details. In another 2019 publication, we talked about how criminals were threatening their victims in an attempt to extort money from them.

Often, such corona themed scams will request you to send your donations in the form of bitcoins to a particular fraudster’s wallet. Though the trick might work on a few people, if done on a global scale can rake in colossal sums of money, which makes it attractive to the criminals.

3. Dubious purchases

The increasing demand for particular products such as face masks and hand sanitizers due to the pandemic has resulted in their short supply. Naturally, this has attracted fraudsters who, according to Sky News, have conned around £800,000 (US$1 million) from United Kingdom residents within February alone.

In an attempt to steal your money, the fraudsters will send you spam emails purporting to help you secure face masks. In case you unwittingly click on the provided links, your financial and personal credentials will be revealed to the fraudsters.

Therefore, you should always be on the lookout for such claims, and only purchase such items from a trusted dealer.

Final thoughts

These are examples of a few tactics currently being used by cybercriminals in their attempts of defrauding people their hard-earned money as a result of the current confusion brought about the COVID-19 stalemate.

Thus, as a business or individual, you need to remain vigilant regarding such antics, not only during such emergencies but also during other times.

As a way of minimizing your chances of falling victim to such schemes, you can always practice some of the following basics:

  1. Be worrisome of emails containing alarming messages regarding the pandemic and the need for immediate action; for instance, ordering for a vaccine or cure via the provided links.
  2. Avoid replying to unknown messages requiring your credentials; for example, those needing your bank details and identification number, among other sensitive information.
  3. Be proactive at identifying potential crowd-funding or fraudulent campaigns.
  4. Utilize well-known multi-layered security software, which includes protection against phishing.

More Importantly, ESET has been here for you for over 30 years. We want to assure you that we will be here to protect your online activities during these uncertain times, too.

Protect yourself from threats to your security online with an extended trial of our award-winning software.

Try our extended 90-days trial for free.