What do scammers and hackers do when everyone in the world is panicking? Capitalise on it, of course! With COVID-19 on everyone's minds at the moment, it's now being used to manipulate people out of their money, account details and IT security.
Why use COVID-19 for malware?
The intention behind malware is to get information from you; whether that's banking information or passwords, it's your information that's of value. To do that, hackers have to figure out clever little ways to get you to part with that information. This is achieved through a nice incentive (a wealthy price is dead or dying, please send over your banking information to receive millions of pounds imminently) - or, with a threat (your email account has been compromised, quick, send us your login details so we can 'fix' it).
The second approach to malware is often more effective, because as soon as a victim starts to panic, they're more likely to make decisions quickly without thinking them through first. COVID-19 is the perfect vehicle for malware, because everyone is already a little on edge (if the toilet paper and pasta shortages are anything to go by). We're all a little more likely to click that weird looking link, answer that dodgy email and think it through later.
So how are hackers using COVID-19?
There are a number of different ways that malicious individuals are capitalising on this situation. In the past week we've seen phishing emails from scammers pretending to be companies we know, sending emails loaded with dodgy links to our inbox. Text messages from healthcare providers, announcing that there's been an outbreak in our area and to click this definitely-not-full-of-malware link to find out if we're at risk. To keep clear of these kinds of scams, we'd encourage you to follow guidance from our phishing article.
More recently, malware is appearing on sites and applications that are meant to provide information about COVID-19. One of the most worrying methods that we've seen is a malware infested version of the live coronavirus map, which is obviously getting a fair amount of traffic. If you want to find out more about this, you can read an article about it here. Essentially, the map is an accurate and up-to-date version of the coronavirus map, but is designed to be sent via email to be downloaded onto a victim's PC. This kind of malware doesn't immediately encrypt everything, but sits quietly on your computer, we assume collecting all your information in the background.
How can I avoid COVID-19 malware?
Our advice is to not open any attachments from senders you don't know; and if you're in any doubt about an email or attachment from a known sender, seek out the information online yourself rather than clicking any links. If the information is legitimate, it should also be listed online. In order to access accurate, non-malware infested information about COVID-19, please use trusted websites only.
Tweet us @TranscenditUK