Hackers often seize trending online topics like the new coronavirus in scam emails, texts and phone calls as a way to get potential victims' attention and install malware on their devices or gain access to sensitive information.
As COVID-19 cases spread across the globe at an alarming rate, more and more people are searching coronavirus-related terms and precautionary measures. The Better Business Bureau (BBB) and Federal Trade Commission (FTC) issued alerts warning people of COVID-19-related scam emails and texts in mid-February.
"We want people to just take a moment, stop, realize that scammers cast a wide net and that they are opportunistic," Colleen Tressler, FTC consumer education specialist, told FOX Business. "When it comes to phishing, we always tell people not to click on links or open attachments [from unfamiliar senders]. You could be opening yourself up to malware and people could be trying to get access to your personal information, passwords, credit card numbers and more."
One phishing email reviewed by the BBB says "the government has discovered a vaccine but is keeping it secret for 'security reasons'" despite the fact that this is largely false, the alert says. The email then links to a fraudulent website that asks for credit card information.
Similar intelligence from cybersecurity research company Check Point Research found that the number of internet domain names that include coronavirus-related words had jumped in mid-February, meaning bad actors are creating fraudulent websites related to the new virus outbreak to trick curious users into giving up sensitive information or downloading viruses by accident.
Here's how people and businesses can avoid falling for these scams:
1. Check email addresses, spelling errors
An example of a coronavirus-related scam text that I received last week shown above contains several spelling and grammatical errors that indicate it was not sent by a professional business or organization. The URL displayed in the message is also unfamiliar.
Tressler said scammers will often use email addresses and create websites that look real but aren't.
"There might just be a misspelling in a person’s name or the web address," Tressler explained. "If they link to a government organization, they may come from a .org or .net rather than a .gov. For example, a scammer might use CDC.com instead of CDC.gov."
People must take these small details into account when reading emails or text messages. Trusted sources send pre-reviewed, grammatically correct messages from familiar addresses or phone numbers. Familiar sources will also only ask users to click on links to familiar websites.
2. Hover cursors over links
Sometimes hackers use domain names that are disguised to look trustworthy or familiar. In some cases, hackers will hyperlink real web domains to fraudulent websites. Users should always hover their cursors over links link this in suspicious-looking emails. Since there is no way to do this on a smartphone, users should wait until they have access to a computer to investigate links in suspicious emails.
3. Protect your accounts, network
Tressler said the FTC's three tips for securing accounts are: "one, keep your computer systems up to date and back up data often; two, consider multi-factor authentication for accounts that support it; and three, change any compromised passwords and don’t use those old passwords for anything else."
4. Report scam attempts
Phishing victims and potential phishing victims should feel encouraged to report scam attempts to the FTC, BBB or even the FBI.
"We really want people to visit our consumer website, where people to sign up for scam alert and news alert subscriptions," Tressler said, "because when we start seeing more and more complaints about a particular issue, that really gives us more information to work with for certain cases. If people are seeing phishing scams about coronavirus or in general, we want to hear about it."
People can report scam attempts at FTC.gov/complaint or forward phishing emails to firstname.lastname@example.org.
5. Be aware
Simply being aware of these kinds of scams that use trending words and phrases to trick vulnerable email and phone users into giving out sensitive information is a good place to start.
Check Point Head of Threat Intelligence Lotem Finkelstein previously told FOX Business there are "thousands and thousands" of discussions going on between cybersecurity experts about how cybercriminals use trending topics from coronavirus holidays like Valentine's Day to "lure customers" with spam campaigns using self-made websites, social media, email and text messages.
"We discovered over 1,600 [websites] in the past week that seemed to be fishy had the word 'corona' in them," he added. "[Cybercriminals] try to get customers to complete an action so they unknowingly download malware such as ransomware."
This report contains material from previous FOX Business articles.