Type of Scams
False Information Emails
The fraudsters have been sending emails claiming to be from legitimate organizations, government or public health agencies (e.g. World Health Organization, Public Health Agency of Canada) to provide information about the coronavirus. The email message will advise the receiver to click a link or download an attachment for the information, but the user will likely download malware onto their computer network or device. As with other cyber-attacks, this malware could allow cybercriminals to take control of a device, log keystrokes, or access personal information and financial data.
Medical Advice Emails
Phishers have sent emails that offer bogus medical advice to help protect you against the coronavirus or cure you of it. Users will be provided with a malicious link to download expert information that can heal them or a link to purchase a fraudulent product (e.g. at-home COVID-19 test).
Corporate Policy Emails
Cybercriminals have also targeted employee workplace email accounts. With many workers currently working from home, some corporate cybersecurity measures may not be available, and the criminals are trying to take advantage. Employees may receive emails purporting to be from HR, advising users to click on a link to read the company’s updated Infectious Disease Policy. If you click on the fake company policy, you’ll download malicious software.
Business Email Compromise
According to a recent report, a cybercrime group well known for BEC schemes in the past, have incorporated COVID-19 into their scams. The group will imitate a company’s CFO and then contact someone in the accounts receivable department to request a list of delinquent clients and up-to-date contact information for each client. Once received, they quickly contact these clients and inform them that they have changed their banking information due to COVID-19 and request payment.
There have been many fraudulent COVID-19 themed websites launched since the pandemic emerged and recent research has estimated that 50% of the coronavirus themed domain registrations are likely from malicious actors. Many of these sites have leveraged John Hopkins University’s interactive map that shows you how COVID-19 is spreading throughout the world. The fraudulent websites are using real-time data from the John Hopkins site, but are also prompting users to download a malicious application.
Other COVID-19 Related Scams
The RCMP recently released a report that listed various other COVID-19 related scams to be aware of, including:
- Unsolicited calls, emails and texts giving medical advice or requesting urgent action or payment
- Unauthorized or fraudulent charities requesting money for victims, products or research
- Door-to-door salespeople selling household decontamination services
- Private companies offering fast COVID-19 tests for sale
See full report here.
Only use trusted sources for information related to COVID-19. Go directly to their site.