[NFBV-Fairfax] COVID-19 scams target PCs, phones

[amcarr1 at verizon.net]

Good Morning All,

Below is an article shared with me from a reputable source.  Please read and
be careful of computer, smart phone and telephone scams.


Annette Carr
President, Fairfax Chapter Virginia Affiliate
National Federation of the Blind


-----Original Message-----
COVID-19 scams target PCs, phones

By Marc Saltzman, Special to USA TODAY

 Cybercriminals are looking to profit from pandemic fears - using concerns
about a human-transmitted virus to spread computer viruses, if you will -
with a fresh crop of malicious software and scams.

 One of the first attacks in mid-March arrived in the form of an email
message from what appeared to be the World Health Organization, suggesting
you read an attachment with official information on how to protect yourself
from the coronavirus.

 Clicking the file from this impersonator, however, downloaded a hidden
installer to your computer that let cybercriminals have access to your data
lifted from your keystrokes. The email phishing campaign is one of several
coronavirus-related scams detailed recently by security firm Malwarebytes.

 Subsequently, the proverbial floodgates opened, with several fresh attempts
launched at defrauding Americans. This includes phishing scams, where an
email tries to lure you to a legitimate-looking site that asks you to login
to view safety information provided by United Nations officials or doctors
from the Centers for Disease Control and Prevention (CDC). It's phony, of
course, and could lead to identity theft if you input the information
requested.

 There is also coronavirus-related "ransomware" that locks computer files
until the victim pays the thieves to release them.

 The Justice Department recently filed a complaint against an Austin,
Texas-based website claiming to offer WHO vaccine kits for $4.95 in shipping
costs charged to their credit card. As of now, there are no legitimate
COVID-19 vaccines, the DOJ noted.

 Another scam looks like it's from Amazon and asks you to sign into your
account to get a free bottle of hand sanitizer with your next purchase. Of
course, it's also a fake.

 On a related note, Amazon has also removed over a million products from its
marketplace from those who either priced the items unfairly or made false
claims.

 COVID-19 scams target smartphones

 Some COVID-19-related threats specifically target your mobile phone, too.

 Malicious text messages are circulating, many of which are promising to
track the spread of coronavirus in real time, so you can be alerted when
it's growing in your community. But the Android app you're linked to, if
downloaded, can listen to you through your microphone, watch you through
your smartphone camera and comb through your messages.
(Cybersecurity experts say this new threat is a customized version of freely
available spyware called SpyMax.)

 Other text messages claim to link you to free masks from the Red Cross or a
$1,000 bank deposit by the federal government to help you during this
crisis.

 In other words, fraudsters and hackers are pulling out all the stops to
defraud you. The Federal Trade Commission just published a list of
additional scams and related threats, all tied to COVID-19.

 Tips to counteract coronavirus cons

 You don't need a degree in computer science to reduce the odds of falling
victim to a cyberattack or phishing scam tied to coronavirus, or otherwise.

 Here's some suggestions to escalate your security savviness:

 Think before you click.Never open an attachment or click on a link from
senders you don't recognize. Even if you think you know the sender, if it
seems odd they'd send you information like this, contact them (in another
way) to confirm it's the real deal (take note of new Facebook Messenger
scams that look like they're from friends).

 Verify the source. If you get an email, text or phone call that asks you to
urgently confirm your personal or financial information, it's fake. The IRS
or your bank will never ask for sensitive information in this way. When in
doubt, call the organization to ask if it was them (chances are, it won't
be). Forward all suspicious emails directly to your local and federal
government, at sites such as usa.gov/stop-scams-frauds. AG Barr also asked
the public to report
COVID-19 fraud to the National Center for Disaster Fraud at
disaster at leo.gov.

 Watch out for others. Warn your loved ones - especially those less
tech-savvy or the elderly - about the increased likelihood of scammers
trying to defraud through email, text message, social media or even a phone
call.

 Practice password safety. Create long and complicated passwords (or
passphrases), don't use the same ones for all your online activity and
change them every month or two. You can use a trusted password manager app
like Dashlane or LastPass.

 Play defense. Install good cybersecurity software on all your devices and
ensure you set to auto-update, in order to protect you from the latest
malware and other threats. Free cybersecurity software is better than none
at all, but it's prudent to invest in a reputable and comprehensive paid
version of anti-malware software.

 A new device called HakTrap (costs start at $9.99 monthly with a
$49.99 startup fee) plugs into your modem and protects home networks from
various online threats and hackers - especially ideal as many of us are now
working from home. Designed by former U.S. government cybersecurity experts
and brought to market in December 2019, HakTrap also protects smart home
products like surveillance cameras and video doorbells, baby monitors and
smart appliances.

 Be wise on Wi-Fi. Even though we're not going out much these days, don't
use free public Wi-Fi as you're more at risk compared to browsing on a
private wireless network at home (or turn your smartphone into a hotspot, as
it's also more secure). Remain anonymous online by using a VPN (Virtual
Private Network).

 Shop securely. Stick with reputable retailers when giving out your credit
card info and look for indicators that the site is secure, such as a little
lock icon on the browser's status bar or a URL for a website that begins
with "https" (the "s" stands for "secure").
Regularly check your bank statements and credit card bill for anything
suspicious charges.

 Have a backup plan. Finally, proactively back up your important information
on a regular basis. That way, if you fall victim to a virus or ransomware
and have trouble retrieving your information, it won't sting so much if
you've already put your important files onto a USB stick or external hard
drive, or uploaded them to a cloud service.