Watch Out for Coronavirus Cybersecurity Scams

Information compiled by CyberWyoming from mulitple sources in the news. A big thank you to the Cybersecurity Collaborative’s Morning Security Report, Scambusters.org, CISA, ZDNet, the FTC, SCMagazine, and the Hill for publishing the information summarized below.

There has been a huge surge in COVID-19 related scams. Be suspicious if you are asked for personal information or money. Protect yourself by only downloading apps from reputable sources, taking an extra minute to question emails, checking the validity of the website, and even questioning your snail mail. When in doubt, look up the phone number and call.

This list is updated almost daily so keep checking back. New scams will be loaded at the top.

To download the FTC’s infographic, visit https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing
To generally monitor scams, check out www.ftc.gov/coronavirus

Scambusters.org Top Name Retailer Alert: If you receive an advertisement on social media for COVID coupons, grants, or food relief from retailers like Walmart or Target, these are not real.  Scammers are impersonating these organizations to get you to click and then they try to steal your personal information.

South Dakota Department of Public Safety Data Breach: According to the Rapid City Journal, South Dakotans whose COVID-19 status and other personal information was collected by state agencies may be subject to a data breach that is being investigated by the FBI. The information that may have been breached was name, address, date of birth and COVID-19 status.
https://rapidcityjournal.com/news/local/fbi-investigating-south-dakota-covid-19-patient-data-breach/article_171b9b4c-e94d-555b-9d72-bb4d40169ddb.html

FTC Work At Home Scam Alert:  If you receive a phone call about a work-from-home opportunity for business coaching, it is a high pressure scam that requires you to purchase a program and marketing materials to ‘be successful.’  Be sure to check out the FTC’s consumer scam alert website or call AARP’s Fraud Alert before you spend any money.

Scambusters.org COVID Scam Alerts:  Fake pet sales, romance scams on dating sites to gain stimulus payments, and stolen identities to claim unemployment checks are three of the latest COVID related scams.  Advice: don’t wire money or use gift cards as any payments, be suspicious on dating sites if your love interest requests money to pay for a family member with COVID, and monitor or put a freeze on your credit. 

Wyoming Department of Workforce Services (DWS) Alert: Since the unprecedented increase in Unemployment Insurance claims began in mid-March, DWS has discovered over 1500 fraudulent unemployment claims including stolen personal information (even from State employees) to file an unemployment claim.  If you have not filed an unemployment claim but receive a letter or a US Bank debit card from the DWS Unemployment Insurance division, please report it to the State at wyomingworforce.org under UI Fraud Reporting.

Fake COVID News Alert from Scambusters.org:  Suspected state-backed agencies from China, Russia, & Turkey are reported to be targeting the West with misinformation about the COVID outbreak with the goal of undermining trust in public institutions.  Things to ask yourself as you read: where is it from? What is it missing? And does the message go for a divisive or emotional response?  Also, use a fact checking website like Snopes or others – a few are listed here https://research.ewu.edu/journalism/factcheck.

Identity Theft Resource Center CashApp Scam Alert:  Social media users and recipients of emails/texts may be targets of a scam that offers would-be victims’ free money via CashApp to help them through this difficult COVID-19 time.  Victims click on a link to participate, but the link is fraudulent. 

Identity Theft Resource Center COVID-19 Grandparents Scam Alert:  If you receive a phone call or email from someone claiming to be a family member in trouble and in need of money to pay their COVID-19 hospital bills, it is most likely a scam, even if they know many personal details about your family member.  Never make a payment over the phone.  Hang up and call your family member directly. 

Fraud.org Warns of Utility Scams:  With many Americans out of work, some are wondering how to keep the lights on and this has become the subject for scammers.  If you receive a call from the electric utility company saying your power will be shut off over an unpaid bill, hang up and call the electric company directly.  If they ask for immediate payment via a wire transfer or gift card, then you know it is a scam.  Remember that all 50 states have placed moratoriums on disconnections because of COVID-19 and take a deep breath.

Outdoorsy Scam Alert:  Watch out for fake RV, boat, and related outdoorsy equipment scams.  Crooks are using fake local addresses and websites to look legitimate.   Be suspicious of anything that has a huge price cut and beware of anyone asking for a wire transfer as payment.

Scambusters.org Alert About Mask Exemption Cards:  There are no official mask exemption cards available at this time and online scam sites are fraudulently using names and logos of government departments, like the Department of Justice and the Americans with Disabilities Act.  If you are traveling to a state where masks are deemed mandatory, it would be best to carry a doctor’s note if you can’t wear a mask because of a disability.

Cryptocurrency Scammers Using COVID:  Scambusters.org reported four different COVID cryptocurrency scams.  The first one is phishing email that pretends to be rom one of the big cryptocurrency exchanges and says there is a coronavirus alert they need to log-in to get the information on, but the link takes you to a fake log-in and they steal your credentials and drain your cryptocurrency account.  The second one is as scam asking from charities, the CDC, or the WHO asking for cryptocurrency donations to fight the pandemic.  The third is where scammers claiming to have medical supplies and devices are sometimes asking for cryptocurrency.  The last one is a scare tactic where scammers claim to have COVID, know where you live, and will infect your family if you don’t pay them their cryptocurrency extortion demands.

FBI Alert about Business Email Compromise (BEC) during COVID:  Scammers posing as existing clients of a company have researched the senior executives and message them posing as known suppliers saying invoices should be paid to a different account.  CyberWyoming recommends always calling your vendors to confirm any financial account changes.

IRS Alert COVID Scams Targeting Stimulus Checks:  The IRS would like to remind you that they never communicate via social media, text message, phone calls, and email to discuss stimulus payments.  If you receive a message from the “IRS” via these methods it is a scam.

Fake COVID-19 Contact Tracing Apps Infect Android Phones:  Researchers have found 12 Android applications disguised as official COVID-19 contact tracing apps, but their real purpose was installing malware onto the devices.  Do not install a contact tracing app on your phone unless instructed to do so by a public health officer.  Confirm that person’s identity to ensure you aren’t being scammed. (darkreading.com)

Stimulus Check: Think you should have received a stimulus payment but didn’t? It might have been stolen. First, check on your payment status at https://www.irs.gov/coronavirus/economic-impact-payments. If your payment has been issued but didn’t arrive, file a complaint at www.identitytheft.gov — that will start the ball rolling and create an affidavit that can be submitted to the IRS. (scambusters.org)

College Student Stimulus Check Scam:  Students have been receiving messages pretending to come from their school or college. It claims they have to access a portal for information on stimulus payments using their college log-in details. The link leads to a phony college sign-on page, enabling the crooks to steal usernames and passwords. (scambusters.org)

Stimulus Debit Cards Not a Scam:  For those who don’t have a bank account or whose details are unknown to the IRS, the stimulus payments are sent via debit cash cards.  This is not a scam.  The IRS is sending out 4 million of these.  BUT, if you receive a phone call from an “IRS Agent” asking for your card number and PIN, this is a scam. (scambusters.org)

FTC Dashboard:  The FTC has issued a new online dashboard by State outlining the types of COVID-19 scams.  In Wyoming, the top reports were about travel/vacations, online shopping, and government imposter scams.   https://www.consumer.ftc.gov/blog/2020/06/what-do-covid-19-scams-look-your-state

Scambusters.org Warns of 5 New Coronavirus Scams: 

  1. The US Federal Trade Commission (FTC) has warned another 50 firms about making unproven or misleading claims about products they suggest can help treat or prevent the virus. Company names here: https://www.ftc.gov/news-events/blogs/business-blog/2020/05/50-more-ftc-warning-letters-say-enough-questionable?utm_source=govdelivery
  2. Malware-infected Excel spreadsheets are being sent out as email attachments purporting to come from respected organizations. The spreadsheets supposedly carry data and updates on the pandemic. Don’t click on them!
  3. Crooks are posing as members of contact tracing teams. They make calls or send out messages saying the recipient may be infected and then ask for personal details such as Social Security numbers and financial account details. Genuine tracers won’t ask for this information.
  4. Scammers are cashing in on stay-at-home victims’ desires for pets as company. Posing as breeders, they offer pets at outrageous prices and then simply disappear with the money. (Note that we have seen this one in Gillette.)
  5. Don’t believe the latest “free groceries” scam that claims retailer Target is giving away products. A text or email message says the recipient is entitled to $175 worth of groceries. But, if they click the link in the message, all they end up with is malware.

Microsoft Warns of Malicious Excel Files:  Emails claiming to come from the John Hopkins Center bearing a ‘WHO COVID-19 SITUATION REPORT’ Excel file that supposedly shows a graph of supposed COVID cases in the US has malicious macros.  If you receive this email be sure not to open the attachment. https://www.infosecurity-magazine.com/news/microsoft-warns-of-massive-covid19/

FTC COVID-19 Contact Tracing Text Message Scams:  Real contact tracers are hired by the State Health Department and do not ask for personal or financial information, like a social security number, bank account, or credit card number.  Anyone who does is a scammer.  The FTC has reported spam text messages with malicious links claiming to be COVID contact tracers.   

FTC Alert – Stimulus Checks and Nursing Homes:  If you or a loved one live in an assisted living facility or nursing home and are on Medicaid, please note that the stimulus checks were not intended to be signed over to the facility.  According to the FTC, the stimulus checks are a tax credit and tax law says that tax credits do not count as resources for federal benefits programs, like Medicaid.  Thus, these facilities may not take that money from their residents just because they are on Medcaid.

YouTube COVID-19 Video Alert:  A BBC study (https://www.bbc.com/news/technology-52662348) of YouTube videos concerning COVID-19 found that 25% of the videos contained misleading and inaccurate information.   Be skeptical of anything you read online and check sources. (scambusters.org)

US Department of Treasury:  Malicious emails pretending to be the Treasury Department were recently discovered.  The email says payment for a government contract was not paid due to incorrect banking information and then prompts the user to download a document and review it for any mistakes.  The email adds a sense of urgency saying that if they don’t hear back, the money will be used for the Government’s coronavirus disaster relief.  For more information, check out the article at Bleeping Computer: https://www.bleepingcomputer.com/news/security/fake-us-dept-of-treasury-emails-spreads-new-nodejs-malware/

Coronavirus Insurance Scam:  Fake insurance agents using high pressure telesales tactics are trying to convince victims that there is coronavirus insurance.  If you get a call offering this protection, it is almost certainly fake.  Call the Wyoming Department of insurance if you get one of these calls to see if the agent is listed. (scambusters.org)

DocuSign Phishing Campaign:  A new phishing campaign that targets DocuSign users on Office 365 features COVID-19 as a lure to convince them to provide their user ID and password. The fake DocuSign login page looks very real and involves redirecting the link 3 times to make it harder to tell where you actually are on the web. (darkreading.com via the Cybersecurity Collaborative’s Morning Security Report)

FTC and USPS Publish List of COVID Scams and Claims:  The USPS has issued a public service announcement about COVID scams they are seeing in the mail including scams about stimulus checks, COVID cures, personal protection equipment, malicious websites and apps, phishing and extortion emails, robocalls and hoax calls, providers, and investments.  https://www.uspis.gov/coronavirus/  For a list of companies that are making erroneous or misleading claims about COVID-19, the FTC has started a list at the following URL.  Before you buy a COVID related product be sure to research whether the it is real.  https://www.ftc.gov/news-events/press-releases/2020/04/ftc-sends-21-letters-warning-marketers-stop-making-unsupported?utm_source=govdelivery

Paycheck Protection Program Scam:  Thanks to the Wyoming Nonprofit Network for reporting this scam that affects businesses and organizations.  The scam involves a malicious PDF downloaded from Dropbox. The subject line is IRS GOV sent you “COVID-19 PPP LOAN UPDATE.pdf.” The email tells you contact the IRS from disastercustomerfunding@sbaa-gov.com. Do not download the file or use the email address provided.

The US Census Bureau is not Emailing the Average Resident: For the 2020 Census counting, the government will mail you information, or deliver information to your door. Then, door to door counters will begin.  The census schedule has been pushed back because of the coronavirus. There are no coronavirus questions on the 2020 Decennial Census.  However, the US Census Bureau has started a small business and household pulse survey to track the changes to business during the pandemic.  If you receive an email about this, go directly to the census.gov site to take the survey.  Be aware of links that could be in scammer emails copying the actual US Census email. All communications from the Census Bureau regarding the Small Business and Household Pulse Surveys, including all emails and the link to the survey, will originate from a census.gov domain. (Information from a census official in the Dallas Regional Census Office)

Over 130 Coronavirus Scams Compiled by Self.Inc: I knew there were a lot of scams out there, but holy cow! 130! https://www.self.inc/info/coronavirus-scams/

SSI & VA Recipients with Dependents Under 17:  If you did not pay taxes in 2019 or 2018 May 5th is the real deadline to file a form with the IRS to get the $500 dependent benefit checks. https://www.consumer.ftc.gov/blog/2020/04/economic-impact-payments-may-5-deadline-some-ssi-and-va-beneficiaries-kids

FTC Alert Links in Text Messages:  The FTC (Federal Trade Commission) wants you to know that if you see a link in a text about economic impacts, small business loans, at home quarantining, or an offer for money, that these text messages are usually scams.  The government does not text or email you.  These scams have been spotted in WhatsApp.

FTC Alert for Small Business:  Only get information about the Paycheck Protection Program from trusted sources.  One is sba.gov/coronavirus. Scammers are hoping to trick you into giving them sensitive business information like bank account numbers, employee SSNs, and your money.  You never have to pay in advance for a government loan. (Federal Trade Commission)

The US Census Bureau is not Emailing You:  Not only are there door to door scammers asking for personal information as part of a Coronavirus data gathering exercise, but bad actors are also sending emails saying they are official inquiries from the US Census Bureau. The Census does not involve questions about the coronavirus. (scambusters.org)

Costco COVID Stimulus Package Scams:  Costco is being impersonated in emails and texts proclaiming you will get $110 goodies from Costco.  Recipients are asked to click on a link to complete a survey, but the link downloads malware. These are not from the real Costco. (scambusters.org)

Fake UPS, DHS, and FedEx Package Delivery Scam:  There is a new wave of phishing email scams that impersonate shipping carriers like FedEx, UPS, and DHS.  The emails say that a package can’t be delivered or will be held up due to government lockdown during the coronavirus crisis.  Then, it instructs users to make corrections to the attached shipping document which installs malware. (bleepingcomputer.com)

Employment Scams:  With unemployment on the rise, the old scam of “I can find you a job if you pay a fee” is resurfacing.  Reliable employment agencies earn their money from employers, not potential employees.  Other indications that this may be a scam is if you are requested to pay in advance for supplies, equipment, training, background or drug tests.  Check with the potential employer to make sure they are legitimate and never accept a job that requires you to forward goods or money. (scambusters.org)

Social Security Recipients Targeted in Latest Coronavirus Scam:  If you receive a letter from the US Social Security Administration saying your social security payments will be suspended due to the coronavirus, it is a scam.  Do not call the phone number as they will only try to get your personal information.  If you have questions, call the actual Social Security Administration (1-800-772-1213) or report the scam at https://oig.ssa.gov. (Reported by scambusters.org)

VP Mike Pence and the White House are Not Emailing Us:  If you receive an email with the subject line “Coronavirus Guidelines for America” or “The White House Instruction for Coronavirus” with a prompt to download a link to a document, this is a scam.   The link takes the reader to a fake White House website to download the full document and that Word document contains malicious code.  Another scam is an email impersonating VP Mike Pence and is an extortion email saying that Pence has evidence that you are involved in illegal activities and he wants to reach an agreement before he talks to the President. For screen prints of the scam, check out Bleeping Computer at https://www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/

Fake COVID Test Kits Scam: Fake COVID test kits are being peddled door to door, with scammers playing on fear and uncertainty.  While there have not been reports about this in Wyoming yet, please be aware that this is a scam. (scambusters.org)

FTC Alert about Relief Checks:  As long as you filed taxes in 2018 or 2019 or are a social security recipient/railroad retiree, you do not need to do anything to receive your COVID relief check.  If you want to set up direct deposit, communicate only with the IRS at www.irs.gov/coronavirus. The real federal government will not ask you for any personal information via email, text or call and no one has early access to this money.  (FTC.gov scam alerts)

Beware of Fake Zoom Installers:  Zoom is a popular videoconferencing platform. Be sure to only download Zoom from zoom.us.   Three fake Zoom installers have been reported by experts that install malware. (Bleepingcomputer.com)

Beware of Fake Skype apps: Suspicious malware and adware packages are being disguised as the well-known videoconferencing applications called Skype, Zoom, WebEx, GoToMeeting, Flock and Slack, with the highest percentage of targets through fake Skype applications.  Only download these applications from the manufacturer’s websites or reputable app stores.  (threatpost.com)

Small Business “Google” Listing Scam:  If you receive a recorded call about your Google small business listing this is a scam. Here is the wording:  Hello, please do not hang up.  If you are a small business that has been affected by the coronavirus press 1 to ensure your Google listing is correctly displaying, otherwise customers may not find you online during this time. Press 1 to ensure your Google listing is displaying properly during this coronavirus outbreak.  Press 2 to be removed from our list.

FTC Alert about Relief Checks:  As long as you filed taxes in 2018 or 2019 or are a social security recipient/railroad retiree, you do not need to do anything to receive your COVID relief check.  If you want to set up direct deposit, communicate only with the IRS at www.irs.gov/coronavirus. The real federal government will not ask you for any personal information via email, text or call and no one has early access to this money.  (FTC.gov scam alerts)

You’ve Been Exposed to the Coronavirus Scam: This scam was discovered by KnowB4. The phishing email is supposedly from an official at a hospital and says that the recipient has been exposed to the coronavirus.  The email instructs them to download an attached Excel spreadsheet and proceed to the nearest emergency clinic.  The spreadsheet contains malware. Rule of thumb: call the sender before you download or click on a link. https://www.techrepublic.com/article/phishing-emails-claim-recipient-has-been-infected-with-coronavirus/

Coronavirus Scam 1:  The World Health Organization (WHO) is not sending emails about the coronavirus to individuals.  The emails have malicious Microsoft Word documents attached.  If you get an email from the WHO be extra suspicious.

Coronavirus Scam 2:  Downloading maps of the coronavirus outbreak is not advised.  Some of the maps have malware that steal passwords, user names, credit card numbers and other sensitive information.  Be sure to view maps only from credible sources like known newspapers and state/federal/local government webpages.

Coronavirus Scam 3:  The FTC and the FDA are warning you to be on the lookout for scammers taking advantage of the coronavirus scare.  Seven sellers claiming to have products to treat or prevent the coronavirus were issued warning letters: Vital Silver, Aromatherapy Ltd, N-ergetics, GuruNanda LLC, Vivify Holistic Clinic, Herbal Amy LLC, and the Jim Bakker Show.

Bank of the West Beware of Coronavirus Scams Alert:  Please know that Bank of the West will never email or call you asking for your username, password or a one-time Passcode (OTP). You should never share any of these details with anyone contacting you.

Fake News and the Coronavirus:  Scambusters.org has issued a warning to be sure to check coronavirus news that you may see on social media or online with www.factcheck.org.

CISA (Cyber & Infrastructure Security Agency) Alert Working From Home and the Coronavirus:  Working from home can introduce vulnerabilities into your business network.  CISA has said that companies that use VPN (virtual private network) software should make sure it is up to date with the latest software as volumes of telecommuters increase.  They are also recommending enacting multi-factor authentication.  Employees working from home should be hyper aware of phishing emails targeting teleworkers.  CyberWyoming also recommends that teleworkers ensure they have up to date antivirus software, the Windows Defender firewall turned on, their Windows systems updated, and ensure that their wireless router updated and secured with a difficult password.  Many home users forget to change the default administrator user ID password from the default and this is an open door to hackers. 

Coronavirus tracking app locks Android phones:  A new type of ransomware called CovidLock is targeting Android phones.  It performs a screen-lock by forcing a change in the password required to unlock a phone.  The ransomware program also threatens to erase contacts, photos, videos, and leak social media accounts. Do not download any apps offering statistics on the coronavirus.

Coronavirus travel scams: Scammers have been caught sending emails about changed travel plans, travel safety, and products related to travel.  The aim is to harvest your credit card.  Be extra suspicious of emails from the travel industry.  For instance, make sure that email you got from United is actually from United.  Check directly with your airline before clicking on a link. (scambusters.org)

Money Mule & Job Websites:  Money mule scammers try to rope people into money laundering schemes under the pretense of a work-at-home job offer.  With more people out of work due to the coronavirus, this widens the scammer pool.  These scammers use legitimate job searcher websites, like Monster, but often create fake employer accounts.  One example is vastyhealthcarefoundation.com or globalgiving.org.  These websites say they help coronavirus victims, but they are scams.  To verify a business is legitimate and the website is actually theirs, check with the Better Business Bureau or Guidestar.

Fake Coronavirus Dashboard Sites: Attackers are designing coronavirus websites in order to prompt you to download an application (with malware) to keep you updated on the situation.  Many of these websites pose as genuine maps for tracking the coronavirus.  Double check that the website you are accessing is from a reputable company and never download anything from a new site – stick with the State and the CDC.  Even the Johns Hopkins University website was hijacked last week to create a malware downloadable bomb.  (Scambusters.org)

Coronavirus Typosquatters:  Ever see a website that is one letter off from what you would have expected? This is called typosquatting and hackers hope you won’t notice.  They copy the branding of the real site and encourage you to download malicious files.  This was done recently to the Vanderbilt University Medical Center in Nashville.  The typosquatters eliminated the ‘I’ in Vanderbilt, which would be very hard to spot.  (scambusters.org)

Decoy Coronavirus Health Advisory:  A well known hacker called APT36 is using a decoy coronavirus health advisory with a Word document (RTF file) or Excel spreadsheet (with macros) to spread malware that captures screen shots, steal credentials, and snoop on your computer.  As a reminder, do not open any attachments from unknown sources even if that source looks official. 

Alert from the Director-General of the World Health Organization:  If you receive an alert from the Director-General of the World Health Organization it is most likely a scam containing malicious keylogging software.  Keylogging software tracks your key strokes and is often used to gain your user IDs and passwords.

FBI Alert: Watch for phishing emails that push fake government stimulus checks as bait to steal personal information. 

Coronavirusmedicalkit.com shut down by the Department of Justice:  The coronavirusmedicalkit.com, a website that claimed to be associated with the World Health Organization, was taken to court and issued a temporary restraining order by the Department of Justice for selling fake vaccine kits. (threatpost.com)

New York Attorney General Asks Internet Domain Name Registrars to Crack Down on COVID related domains:  (zdnet.com)  With so many coronavirus scams on the internet, NY state officials have asked for help to identify scammers from six companies that register domain names: GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance International Group which owns Bluehost, Domain, and HostGator.  So far, only Namecheap has offered to take additional proactive measures.  What this means to you?  Only go to reputable websites for information about COVID.

Washington Associated Press Reports Medicare Coronavirus Scams: Senior care kits, vaccine kits, and more are being falsely advertised online. Scammers are trying to gain senior medicare numbers and social security numbers. Do not give out any personal information as a result of an email or a website address.

Twitter, Coronavirus, and Hackers:  Hackers have taken over a wave of Twitter accounts to aggressively advertise a website called Masks 2 U that claims to be selling face masks and toilet paper. (vice.com)  Beware of any social media advertising related to shortages, stimulus checks, and the coronavirus.

Share:

Register to Receive the Tech Joke of the Week!

This Week's Joke:

How many programmers does it take to change a light bulb?

None, it is a hardware problem!

More Posts: