Watch out! Scammers are using the coronavirus to steal your information

We love to see the world with rose-coloured glasses: people are nice, everyone is friendly, and the planet is a good place. But every now and then, we’re reminded not to be so naive. Ever since the coronavirus popped up its ugly, germ-filled head, scams have occurred on just about every platform, from Facebook to Amazon. “As with any news story, criminals will use this as a pretext for scams,” says Alex Hamerstone, GRE practise lead at TrustedSec, an ethical hacking firm hired by Fortune 500s to try to hack into networks and employees to prevent real attacks. “Coronavirus also preys on people’s fears, so it really is the perfect storm for a scam pretext.”

When it comes to online scams, the biggest risk consumers and businesses will face is from phishing emails that impersonate WHO, or other health agencies and insurers, says Karim Hijazi, CEO of Prevailion, a company specialising in intercepting data from hacker networks. “Cybercriminals have a lot of resources at their disposal nowadays which enables even less sophisticated crews to carry out rather advanced phishing campaigns,” Hijazi says. They can buy phishing kits and malware tools online, rent botnets to launch their attacks and find bulletproof hosts to support their malicious domains. “What the average person needs to realise is that phishing scams may often look identical to the same thing,” he says.

Now’s the time that you may see ads offering prevention, treatment, or cures for the coronavirus. Sounds too good to be true? It is. And if there’s a really big medical breakthrough, the last place you’ll hear about it is via an ad sent to your inbox in the form of a sales pitch. Consumers should look at the return path in the email to see where it really originates from, Hijazi says. “Hackers can easily spoof any domain they want in the email header that shows up in your inbox, but they can’t do that with the return path,” he says. “If the return path shows a different domain or email address, then you know it’s a trick.”

Here are the steps you should take if your data has been hacked. 

These will appear on the websites you visit, Hijazi says. “Criminals often use a technique called “combosquatting” to create malicious websites that may appear to be a legitimate domain,” he says. Often what they will do is to hyphenate or add a period after the business name, then insert a new word like “sales” or “discount” to create an entirely new domain. For example, Bigboxtretailer.com could be hyphenated to Bigboxretailer-deals.com. “To the average person, that will appear to be the real website of Big Box retailer, when in actuality, it is an entirely separate domain controlled by the hacker,” Hijazi says. If companies don’t register all the combinations and variations that can be created from their website domains, they leave their customers exposed to this type of scam. Hijazi suggests checking the WHOIS registration of a website to verify the real owner.

Here are 11 ways thieves can steal your identity.

“Scammers depend on you reacting before you can carefully consider things,” Hamerstone says. Instead, think for a bit and try to discern whether it’s too good to be true, whether anything sounds odd (maybe something is misspelled, maybe the grammar is incorrect, etc). Then, ask a friend or family member to offer a second opinion.

Watch out for these 10 phone call scams that can steal your money.

If you get an email raising money for an organisation, don’t click on the link in the email, Hamerstone says. Instead, use your browser and go straight to the organisation’s website. Same for phone calls. Instead of responding directly to the call and giving credit card info to that person, call the company back on its mainline to make sure the offer or fundraiser is legitimate.

Here are 7 alarming things hackers can do when they have your email address. 

Expect to see special offers on high-priority goods like hand sanitiser and face masks, Hamerstone says. Or a sender could also claim to represent the local hospital and are warning you about a personal contact who has recently tested positive for coronavirus. There are many schemes they could use to convince you to open an attachment, click on a link, log into a website or provide information over email.

Avoid these online shopping scams. 

“There is a very simple way to spot a scam,” Hamerstone says. “Does it pass the smell test?” This means, ask yourself: Is this offer too good to be true? Is this an unsolicited communication on social media, or on your phone or by email? “People are used to doing everything over email these days, but always remember that the government does not send you attached files,” Hamerstone says. The government is not going to email you a PDF or Word document with data about local infections in your area and the state health department is not going to send you a zip file. They’re also not going to request your personal details over email.

Here are Facebook scams you need to take seriously.

With Amazon’s site, it’s often difficult to tell who the seller is, Hamerstone says. This gives every seller a certain amount of legitimacy and it becomes harder for the buyer to tell whether or not they should be concerned, which is why it’s very important to check on who the seller is. On Amazon, there are two points of data: the maker of the product and the company or person who is actually selling it to you. The seller is listed right under the “Buy now” button. Click on the seller’s link and check out their Amazon page. “Ideally, you want to stick with third-party sellers who have been active on Amazon for a long time, have a large number of positive reviews, and there is consistency in their offerings,” Hamerstone says. You should also try to avoid buying important items like medical devices from third-party sellers who don’t appear to have much experience in the medical field. The safest bet is to stick with items that are labelled “Ships and Sold by Amazon.com.”

Learn the 16 clear signs you’re about to get hacked.

Sign up here to get Reader’s Digest’s favourite stories straight to your inbox!

Source: RD.com