Amongst growing fears of this global pandemic, Coronavirus scams and malicious websites are on the rise. The latest news from the Health Sector Cybersecurity Coordination Center (HC3), a new malicious website is circulating on the internet that targets unsuspecting users. True to their selfish nature, cybercriminals are taking advantage of public panic about the global Coronavirus pandemic for their own selfish goals. Now, of course, this concept is nothing new.
Cybercriminals are always looking for the next best thing to take advantage of. But that doesn’t mean that it isn’t a serious issue that you can simply ignore. Moreover, it can heavily impact your savings and investment funds. It is especially dangerous for crypto savings as the scammers show ongoing interest in these funds and use pandemic as an instrument to access personal data.
So, what is this new phishing website and why should you be concerned about it? And what are some of the other Coronavirus scam tactics that cybercriminals are using to take advantage of the global pandemic?
Let’s hash it out.
Top Coronavirus online scams to be aware of
Coronavirus tracker map
When something’s wrong, people frequently turn to the internet to get the latest information. Cybercriminals know this and are creating fraudulent websites that impersonate real, reputable authorities. Their latest tactic? Live tracker websites.
In truly low-life fashion, some schmuck decided to create a phishing website, coronavirus-map[dot]com (and, no, please don’t type that into your browser), that appears to be a legitimate COVID-19 live tracking map for the virus. In this case, HC3 reports that the cybercriminals were impersonating Johns Hopkins University, a world-renowned health institution, to infect website visitors with the AZORult trojan. This program infiltrates a wealth of sensitive data that can be sold on the dark web or used to commit cybercrimes, including cryptocurrency theft.
Coronavirus fake websites
Scammers will also set up fake coronavirus-related websites that offer “cures” (both natural and pharmaceutical), vaccines, testing kits, and prophylactic items in short supply such as face masks.
They may also offer other popular and in-demand items at an extremely low price.
These phony websites will try to steal your financial information, including crypto coins, and they could also infect you with malware. However, it could also be worse. Some of these sites could put your health at risk by sending you products that are substandard in quality (used, damaged or expired) or outright dangerous.
In general, Coronavirus themed cyber-attacks and phishing websites are becoming a lot more common as coronavirus fake news blasts from virtually every media outlet. In addition to users finding the website organically through web searches, the website was circulated via a variety of other tactics, including:
- malicious links and attachments in emails
- social engineering, and
- online advertising.
This newly discovered threat follows on the heels of other cyber scams, including other Coronavirus-themed malware and phishing emails.
Coronavirus phishing emails with malware
The overwhelming amount of news coverage surrounding the novel coronavirus has created a new danger — phishing attacks looking to exploit public fears about the sometimes-deadly virus.
How does it work? Cybercriminals send emails claiming to be from legitimate organizations with information about the coronavirus, if you click on the attachment or embedded link, you’re likely to download malicious software.
The malicious software — malware, for short — could allow cybercriminals to take control of your computer, log your keystrokes, or access your personal information and financial data, which could lead to identity theft.
Coronavirus-themed phishing emails can take different forms, including these.
CDC alerts. Cybercriminals have sent phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazards,” the text of one phishing email reads.
Health advice emails. Phishers have sent emails that offer purported medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts near Wuhan, China, where the coronavirus outbreak began. “This little measure can save you,” one phishing email says. “Use the link below to download Safety Measures.”
Workplace policy emails. Cybercriminals have targeted employees’ workplace email accounts. One phishing email begins, “All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software.
Specific scamming for crypto Investors
Scammers may be hunting for naive Bitcoin investors during times of panic. The latest Coronavirus precautions and lockdowns also mean dishonest crypto-related players may attempt to scam buyers into losing their money. The crypto space has never lacked scams and problematic exchanges. But with Bitcoin falling toward $5,000, new buyers may not be aware of the risks of trading such crypto frauds. Exchanges crop up all the time, reporting extraordinary trading volumes. But those markets may turn out to be unreliable, potentially ending in an exit scam.
Buying BTC right now opens up a whole can of worms for newcomers. Usually, using a wallet is straightforward. But the wallet scams are not rare. Users must be aware to avoid downloading wallets from links sent through chat or emails. Even GitHub pages may contain wallets with malicious injections, or those that manage to send out the newly generated private keys over the Internet. Wallets may also create tainted seed phrases, which are known to the malicious actor that planted the wallet.
Extra vigilance may be required when downloading wallets for Bitcoin or other crypto coins. This type of scam has been around for a long time, but the new coronavirus measures may revive the attempt to steal coins. The other risk involves the pressure to buy Bitcoin and pay ransomware demands, or extortion emails. Those types of scams may increase, to feed off the general sense of chaos.
The researchers have recently uncovered a new ransomware threat that’s trying to cash in on the coronavirus mayhem. The new ransomware “CoronaVirus” pretends to provide downloads for the WiseClearner app.
When users download the fake applications, it activates a file, WSHSetup.exe that downloads the CoronaVirus Ransomware as well as the Kpot Infostealer trojan virus.
This virus encrypts the user’s computer and demands a payment in Bitcoin in order to restore access to the computer’s files and folders.
The other type of scams may include Ponzi schemes or promises of passive income. Putting Bitcoin or any other crypto into these schemes has a big potential for losses. Social media, and especially Discord and Telegram channels are also some of the usual vectors for spreading scams and fake schemes.
The other risk is to be drawn into high-leverage BTC derivative trading, instead of just diversifying with actual Bitcoins. Derivative betting on the price of BTC, especially given current volatility, may be extremely risky, and lead to deep losses. The price slide of Bitcoin may continue, as pessimism has gripped the markets. But holding onto actual coins is still better than falling for an outright scam. The best approach is to be skeptical of newly created exclusive offers, especially those promising high returns.
How to avoid Coronavirus scams?
Here are some tips to avoid getting tricked into coronavirus scams.
- Use only reliable sources for pandemic news – this includes only government websites and health-care agencies.
- Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
- Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.
- Beware of online ads and do not follow them in any case
- Do not send your money or bitcoins to any donations against the virus. Any appearance of your personal information on the web can ruin your crypto safety.
- Do not use online wallets, keep all crypto keys offline.
- Use only anonymous crypto exchanges for transactions, such as Godex.io, to prevent personal data leakage.
- Avoid derivatives trading and Ponzi schemes – the crisis times are not the best ones for risky trading.
- Equip your devices with up-to-date antimalware programs and anti-virus software to guarantee full protection.
Scammers will use any fear tactic they possibly can to extort victims — that much is perfectly clear. They thrive in chaos and panic raised in the pandemic period becomes their best friend. People just lose their minds and forget about common-sense precautionary measures protecting their individual data. Remember that the security of your private funds, including crypto safety, is your personal responsibility. Therefore do not deal with unsolicited emails, online offers and gather the recent coronavirus news only in reliable sources. Do not forget that the crypto market is more vulnerable than ever in crisis, therefore use only trusted exchanges, keep your wallets online and double-check sources before investing in anything.
Stay safe and healthy both in your offline and online worlds.