Beware the coronavirus scammers
We love to see the world with rose-coloured glasses: people are nice, everyone is friendly, and the planet is a good place. But every now and then, we’re reminded not to be so naive. Ever since the coronavirus popped up its ugly, germ-filled head, scams have occurred on just about every platform, from Facebook to Amazon. “As with any news story, criminals will use this as a pretext for scams,” says Alex Hamerstone, GRE practise lead at TrustedSec, an ethical hacking firm hired by Fortune 500s to try to hack into networks and employees to prevent real attacks. “Coronavirus also preys on people’s fears, so it really is the perfect storm for a scam pretext.”
When it comes to online scams, the biggest risk consumers and businesses will face is from phishing emails that impersonate WHO, or other health agencies and insurers, says Karim Hijazi, CEO of Prevailion, a company specialising in intercepting data from hacker networks. “Cybercriminals have a lot of resources at their disposal nowadays which enables even less sophisticated crews to carry out rather advanced phishing campaigns,” Hijazi says. They can buy phishing kits and malware tools online, rent botnets to launch their attacks and find bulletproof hosts to support their malicious domains. “What the average person needs to realise is that phishing scams may often look identical to the same thing,” he says.
Now’s the time that you may see ads offering prevention, treatment, or cures for the coronavirus. Sounds too good to be true? It is. And if there’s a really big medical breakthrough, the last place you’ll hear about it is via an ad sent to your inbox in the form of a sales pitch. Consumers should look at the return path in the email to see where it really originates from, Hijazi says. “Hackers can easily spoof any domain they want in the email header that shows up in your inbox, but they can’t do that with the return path,” he says. “If the return path shows a different domain or email address, then you know it’s a trick.”