COVID-19 is an issue that has been on many people’s minds during the past few weeks. Unfortunately, scammers and other malicious actors are using people’s fears and uncertainties to take advantage of this crisis. Because of this unfortunate reality, I want to point out a few ways to identify potential scam messages for a more general audience.
I received this email a few days ago:
On first examination, this email does have some good information in it about risk factors for COVID-19. However, it goes on to request that the reader click the link to learn more about protecting their immune system. This is a common tactic used by scammers – providing well-known information to legitimize their message, followed by an urgent call to action to encourage their victim to respond before he or she has time to think about it.
The first and most important step in determining the legitimacy of an email or ad is to find out who it came from. One way to do this is to mouseover the “From” field to reveal the full email address of the sender.
This is an email I received from a marketing group at “googel.com”. Using an address that is a misspelling of a well-known website is another common tactic used by scammers. I’ve used it myself on several occasions when creating phishing campaigns for clients. For me, this is a huge red flag and would cause me to immediately discard this email.
Moving on, I want to determine what the sender wants me to do. In our example, I am being asked to click a link to learn more about boosting my immune system. The first thing I did was mouse over the link to where it was taking me.
In the email we are looking at, the link goes to “becombay.com.” I don’t recognize this website, although I suppose it could be trying to mimic eBay.com. It is certainly not one that I think I should be taking medical advice from. At this point, I am 100% positive this is a scam and should discard it.
However, I did something that you
should never do and clicked the link. I did this in a safe environment and with
full knowledge that I was likely going to a malicious website. You should
never click a link that you are not 100% sure about or open any attachments
that are not from a trusted sender and are expected. Clicking an unknown
link could install malware on your PC that could allow attackers to do a number
of things, including stealing data from your PC or taking control of it
Here’s what I found:
The website that loads is a shopping page for a supplement that claims to boost your immune system against coronavirus. It has blurb that says that quantities are limited due to the pandemic, and so you should order now. This is another common tactic among scammers to try to get their victims to respond immediately or urgently, before the victim has time to think about their actions.
I put fake information in the form, and the next page asked for shipping address and credit card number. If I put information in here, at best I would have ordered some supplement that is untested and unlikely to provide any protection from the coronavirus. At worst, I have given my personal information and credit card to a scammer.
This scam was easy to spot. The perpetrator put very little effort into disguising their intentions. However, some can be much more sophisticated. The scam emails may appear to come from an organization such as a bank that the victim does business with, or even from a government agency. For example, I was able to clone a bank website in less than five minutes. Any usernames and passwords entered are reported back to me. It is very easy for a scammer to do the same.
It’s not perfect, but it looks enough like the real website to possibly fool someone. Remember, the scammer’s goal is to get you to act before you think about what you are doing. The best advice to protect yourself is to slow down and examine urgent emails. Ask yourself, “who is this coming from and what do they want me to do?” If you cannot answer these questions with 100% certainty, do not click any links or open any attachments.
COVID-19 is a real threat. Many people wonder where they can go to get legitimate information in a sea of uncertainty. This is compounded by those in the world who are trying to maliciously mislead or take advantage of others’ fears and doubts. To help remedy this, I have compiled a list of links that offer legitimate information about the virus.
|Cdc.gov||The Centers for Disease Control has official information about COVID-19.|
|State & Territorial Health Department Websites||The CDC also maintains a list of State Health Departments for local information.|
|State Labor Offices||The US Department of Labor maintains a list of state labor sites. If you need unemployment information, this is a good place to start.|