When people feel uneasy and insecure, hackers feel empowered. Throughout the pandemic, criminals have leveraged fear to trick people into giving up sensitive information. Fear and uncertainty associated with the virus, along with millions of people working remotely, have created the perfect storm for criminals looking to cash in. Here are some scams to be aware of:
- Vaccine distribution: Scammers send emails or call potential victims posing as representatives of a local distribution agency who can help book vaccine appointments. They then pressure targets for information such as birth dates, Social Security numbers, and medical history. Other scam emails make false claims about the vaccine and then direct recipients to a malicious website with “proof”.
- Romance and relationships: Hackers are posing as lonely people in quarantine on social media and dating apps. As they build trust, they request personal information from the victim. In many cases, the hacker claims to be infected with the virus and asks for financial support due to hardship.
- Contact tracing cyber scam: State and local governments use contact tracing applications to anticipate COVID-19 hot spots and prepare communities. Cybercriminals are sending text messages claiming to be official contact tracing. The message instructs victims to visit a website for more details. Once there, the site infects their device with malware.
- CDC malicious attachment: In this scheme, the user receives an email supposedly from the Centers for Disease Control and Prevention (CDC). The email contains an attachment that claims to provide “official advice from the government on how to stay safe during the coronavirus outbreak.” Once opened, the attachment infects the computer with malware.
Scams and phishing attacks related to working from home and COVID-19 continue to be a significant issue. It is important to remain ever vigilant in protecting personal and institutional data from these threats. ITS will continue to simulate phishing and assign training to those most susceptible. If you believe you’ve been targeted by phishing, see Reporting a Phishing Message (How-to).
— Chris Mielke, ITS