Global concern, vulnerable groups at high risk, excessive demand for out-of-stock goods and misinformation on social media - all of this equates to a huge opportunity for cybercriminals.
ESET researchers have compiled some of the most common forms of fraud and are analyzing them, drawing the attention of users.
Malicious news. Scammers pretend to send important information from reputable bodies, such as the WHO. (Fig.1) or from reputable journalistic organizations, such as the Wall Street Journal (Fig.2), in order to trick potential victims into clicking on malicious links. Typically, such links (Scams) may install malware, steal personal information, or attempt to obtain login credentials and passwords.
Exploitation of charity. In this form of scam, cybercriminals try to persuade the victim to help fund a vaccine for children in China. As there is currently no vaccine, users end up sending bitcoin to scammers' wallets. The technique is effective only in a very small percentage of users, but it acquires a respectable size if one considers that it is done on a global scale.
Masks. In another type of fraud, cybercriminals send spam emails (Fig. 3) wanting to trick victims into ordering masks to keep them safe from the coronavirus. In fact, victims end up unknowingly disclosing sensitive personal and financial information. According to Sky News, fraudulent mask sellers snatched 800.000 1 ($ XNUMX million) from users in the UK in February alone.
ESET advises users to be aware of these and related scams and to be extremely careful by applying the following guidelines:
• Avoid clicking on links or downloading spam attachments / texts from unknown or even trusted sources unless you are absolutely certain that the message is genuine.
• Ignore communications that request your personal information. If you deem it necessary to provide them, be sure to check the authenticity of the sender first, using a different medium than the email itself (eg internet search).
• Pay special attention to emails marked "urgent" or "caution" and urging you to take immediate action or offer COVID-19 vaccines or treatments.
Beware of charitable campaigns or crowdfunding campaigns that may be fraudulent.
• Use reliable software with multiple levels of security, which has protection against phishing.