While the world is in chaos and trying to deal with the global COVID-19 pandemic, cyber criminals are not missing the chance to make a profit. The mass anxiety about the pandemic is still very much prevalent, even if we’re nearing a year since half the world went into lockdown, and cyber crooks are taking full advantage of that by exploiting that fear and anxiety. Ever since the pandemic began in spring, cyber criminals have started using the fear surrounding the coronavirus to spread malicious software and make profit. To avoid becoming a victim, you should familiarize yourself with the most popular COVID-19-themed malware that is currently going around, and ways you can prevent becoming a victim.
Different coronavirus-themed malware
- Scam websites are created to imitate legitimate coronavirus information sites.
When COVID-19 started making headlines and the inevitability of a global pandemic became clear, cyber criminals bought thousands of domains that have the word “coronavirus” in it. Many of the malicious registered domains are ones that users may stumble upon accidentally when looking for information related to the virus. Links to them may be posted in comment sections or sent in emails, and because they look legitimate enough, users may press on them. The sites could prompt users to download something malicious or ask that users provide their personal information, including login credentials.
- Malspam and phishing.
Malicious actors are disguising emails as communication from organizations such as the WHO in order to trick users into clicking on links or opening email attachments. For example, you may receive an email from someone claiming to be the World Health Organization about safety measures during the COVID-19 pandemic. The email may contain a link to these supposed “safety measures” and if you click on it, you would be taken to a site that’s imitating the legitimate WHO site. A prompt would appear asking you to “verify your email” by providing your username and password. This should immediately raise alarm bells in your head because no legitimate site will ever ask you to provide your credentials. There really is no reason why the actual WHO website would ask to verify your email.
Whether the emails are coronavirus-themed or not, you should always be careful with links. Before clicking on them, hover over them with your mouse and the URL of the site will appear at the bottom. Check that it’s safe before clicking on it.
- Malicious links in comments.
Just like in emails, you need to be careful with links in comments, especially for articles and news stories COVID-19 and the pandemic. If the comment section is not regulated, it may contain comments that link to potentially malicious sites. You could be led to sites that are either promoting scams or hiding malware.
Protect yourself from coronavirus-themed malware
Here are a few tips on how you can avoid becoming a victim of a coronavirus-themed malware.
- Think before you click.
When it comes to links in emails, comments, etc., you should be very careful. For example, if you receive an email from supposedly the World Health Organization, double check everything before clicking on any links in the email. If possible, don’t click on links in emails at all. Instead, access sites manually. If you click on a link in email and are redirected to a site that asks you to login or provide any kind of personal information, double check the site’s URL to see whether it’s legitimate before typing anything in.
- Be careful when providing personal information.
If you receive an email that contains a link to a site that asks for your personal information, be skeptical about it. As we mentioned above, there are many coronavirus-themed phishing emails that lead to websites asking users to provide personal information, including login credentials. Never put in any kind of personal information on shady websites, and always check the URL of the site before you log in.
- Always double check the sender of an email.
If you receive a coronavirus-themed email and it’s asking you to do something (open an attachment, click on a link, etc.), check the sender’s email address before doing anything. Malicious emails are often sent from nonsense email addresses, so if the sender’s address is made up of random characters and numbers, you can immediately disregard it as malspam. In many cases, the email addresses may look legitimate, which is why you should always double check them. You can use a search engine to look into whether the email actually belongs to whomever the sender claims to be. If you can’t find any results that would confirm it’s legitimate, be very cautious with the email.
- Look out for grammar and spelling mistakes.
Just like regular malspam, COVID-19 themed malicious emails will often be full of grammar and spelling mistakes. The mistakes are usually very obvious, so you will immediately notice them.
- Always scan unsolicited email attachments with anti-virus software.
If you receive a coronavirus-themed email and it asks you to open an attachment, first scan it with anti-virus software or a service like VirusTotal before opening. The anti-virus would tell you if the file contains malware.