This was originally a newsletter sent out on March 18th but given how current the information is, we decided to publish it on the site earlier than planned. To sign up for our newsletter, click here.
We know – things are a little bit crazy to say the least. We encourage everyone to not panic, stock up for a few weeks, if not a month or two (making sure there’s enough left for others), and take necessary precautions. Practice social distancing, always wash your hands, and limit unnecessary exposure.
That being said – emergencies like these can sometimes bring out the worst in people. When it comes to hackers and criminals, they know no bounds and the new coronavirus is only an opportunity for them to make new victims. Here’s what to look out for.
You want to learn more about the spread of coronavirus, so you search for an infection coverage map you might’ve seen on social media. You find a website, download it, and can now track the issue with more knowledge.
Hackers are injecting malicious code into these maps, knowing people are looking for more info. You can avoid this by only going to trusted websites and avoid downloading any files – these maps should be available as webapps anyway. An option to download only opens you to more risk.
Moving with impressive speed, hackers are now attacking inboxes with a flood of fake emails ranging from looking like HIV and coronavirus test results to statements from official organizations like the CDC and WHO.
These emails work just like most hackers’ emails – a document, organization, or information is faked and you’re asked to download a file (like a test result) or click through to a website. When you do, your computer is likely to get hit with malware. Before downloading or clicking a link on an email, make sure you trust the sender.
Hackers are going one step further and sending out phishing and malicious emails around subjects related to coronavirus. Some promise tax refunds as a form of ‘relief’ because of the virus, while others ask for donations in the form of bitcoin, promising that the money will go to organizations fighting the virus.
Don’t fall for it.
Check Point, a cybersecurity company, found that coronavirus-related domains registered since January 2020 were 50% more likely to be malicious than any other domain registered in the same time. Hackers are good are reacting quickly and often use people’s own interests against them. These sites can drop malware on your device, steal your info, or take your credit card data by promising to sell masks, hygienic products, or outright cures. Again, look for legitimacy.
Hackers employed by other governments are also creating websites designed to steal information and amass databases of citizens from other countries. While they may not be targeting you or the US, it’s important to know what incentives hackers have and the methods they use.
The Washington Post reported that Russian, Chinese, and North Korean hackers were putting up fake coronavirus information sites and asking for visitors to put in their personal information. It’s just another way to conduct information warfare.
Lastly, an Android app called COVID-19 Tracker was found to be distributing ransomware and locking people out of their phones. The app disguised itself as a coronavirus map tracker but, once installed, infected phones with ransomware and asked for $100 in bitcoin before giving victims access to their own phone again.
The app wasn’t available on Google’s Play Store and was instead found on a website that appeared in searches for coronavirus apps. Fortunately, the website has been taken down, but that’s not assurance that similar apps won’t pop up in the future