[NFBV-Announce] COVID-19 scams target PCs, phones

[Joe Orozco]

COVID-19 scams target PCs, phones



 By Marc Saltzman, Special to USA TODAY

 Cybercriminals are looking to profit from pandemic fears - using
concerns about a human-transmitted virus to spread computer viruses,
if you will - with a fresh crop of malicious software and scams.

 One of the first attacks in mid-March arrived in the form of an email
message from what appeared to be the World Health Organization,
suggesting you read an attachment with official information on how to
protect yourself from the coronavirus.

 Clicking the file from this impersonator, however, downloaded a
hidden installer to your computer that let cybercriminals have access
to your data lifted from your keystrokes. The email phishing campaign
is one of several coronavirus-related scams detailed recently by
security firm Malwarebytes.

 Subsequently, the proverbial floodgates opened, with several fresh
attempts launched at defrauding Americans. This includes phishing
scams, where an email tries to lure you to a legitimate-looking site
that asks you to login to view safety information provided by United
Nations officials or doctors from the Centers for Disease Control and
Prevention (CDC). It's phony, of course, and could lead to identity
theft if you input the information requested.

 There is also coronavirus-related "ransomware" that locks computer
files until the victim pays the thieves to release them.

 The Justice Department recently filed a complaint against an Austin,
Texas-based website claiming to offer WHO vaccine kits for $4.95 in
shipping costs charged to their credit card. As of now, there are no
legitimate COVID-19 vaccines, the DOJ noted.

 Another scam looks like it's from Amazon and asks you to sign into
your account to get a free bottle of hand sanitizer with your next
purchase. Of course, it's also a fake.

 On a related note, Amazon has also removed over a million products
from its marketplace from those who either priced the items unfairly
or made false claims.

 COVID-19 scams target smartphones

 Some COVID-19-related threats specifically target your mobile phone, too.

 Malicious text messages are circulating, many of which are promising
to track the spread of coronavirus in real time, so you can be alerted
when it's growing in your community. But the Android app you're linked
to, if downloaded, can listen to you through your microphone, watch
you through your smartphone camera and comb through your messages.
(Cybersecurity experts say this new threat is a customized version of
freely available spyware called SpyMax.)

 Other text messages claim to link you to free masks from the Red
Cross or a $1,000 bank deposit by the federal government to help you
during this crisis.

 In other words, fraudsters and hackers are pulling out all the stops
to defraud you. The Federal Trade Commission just published a list of
additional scams and related threats, all tied to COVID-19.

 Tips to counteract coronavirus cons

 You don't need a degree in computer science to reduce the odds of
falling victim to a cyberattack or phishing scam tied to coronavirus,
or otherwise.

 Here's some suggestions to escalate your security savviness:

 Think before you click.Never open an attachment or click on a link
from senders you don't recognize. Even if you think you know the
sender, if it seems odd they'd send you information like this, contact
them (in another way) to confirm it's the real deal (take note of new
Facebook Messenger scams that look like they're from friends).

 Verify the source. If you get an email, text or phone call that asks
you to urgently confirm your personal or financial information, it's
fake. The IRS or your bank will never ask for sensitive information in
this way. When in doubt, call the organization to ask if it was them
(chances are, it won't be). Forward all suspicious emails directly to
your local and federal government, at sites such as
usa.gov/stop-scams-frauds. AG Barr also asked the public to report
COVID-19 fraud to the National Center for Disaster Fraud at
disaster at leo.gov.

 Watch out for others. Warn your loved ones - especially those less
tech-savvy or the elderly - about the increased likelihood of scammers
trying to defraud through email, text message, social media or even a
phone call.

 Practice password safety. Create long and complicated passwords (or
passphrases), don't use the same ones for all your online activity and
change them every month or two. You can use a trusted password manager
app like Dashlane or LastPass.

 Play defense. Install good cybersecurity software on all your devices
and ensure you set to auto-update, in order to protect you from the
latest malware and other threats. Free cybersecurity software is
better than none at all, but it's prudent to invest in a reputable and
comprehensive paid version of anti-malware software.

 A new device called HakTrap (costs start at $9.99 monthly with a
$49.99 startup fee) plugs into your modem and protects home networks
from various online threats and hackers - especially ideal as many of
us are now working from home. Designed by former U.S. government
cybersecurity experts and brought to market in December 2019, HakTrap
also protects smart home products like surveillance cameras and video
doorbells, baby monitors and smart appliances.

 Be wise on Wi-Fi. Even though we're not going out much these days,
don't use free public Wi-Fi as you're more at risk compared to
browsing on a private wireless network at home (or turn your
smartphone into a hotspot, as it's also more secure). Remain anonymous
online by using a VPN (Virtual Private Network).

 Shop securely. Stick with reputable retailers when giving out your
credit card info and look for indicators that the site is secure, such
as a little lock icon on the browser's status bar or a URL for a
website that begins with "https" (the "s" stands for "secure").
Regularly check your bank statements and credit card bill for anything
suspicious charges.

 Have a backup plan. Finally, proactively back up your important
information on a regular basis. That way, if you fall victim to a
virus or ransomware and have trouble retrieving your information, it
won't sting so much if you've already put your important files onto a
USB stick or external hard drive, or uploaded them to a cloud service.