EDITOR’S NOTE: Information Services Librarian Ashley Will and Technology Trainer Lerin Anderson worked in collaboration to compile the following information.
Phishing schemes, in which a scammer sends an email or text meant to trick you into handing over your personal info, have gotten sophisticated in recent years, and can even include elements like official imagery or email addresses that look similar to email addresses used by official businesses.
To spot COVID-19 email and text scams, look for generic greetings (like “Hello, Sir/Madame”), requests for confirmation of personal information, or emails related to updating your billing details to judge whether or not an email from a company is legitimate. If a message’s language seems urgent, as though it’s attempting to pressure you into giving up your information to avert some sort of data disaster, it could very well be fake. If you receive a suspicious email from a particular company or even a friend or your employer, contact them separately via phone to verify the message before replying or otherwise acting on it.
Red Cross Impersonators Selling COVID-19 Home Tests
This is a scam in which people impersonated Red Cross volunteers in an attempt to victimize concerned individuals. These attackers said that they were working for the Red Cross and that they were offering COVID-19 home tests door-to-door.
On March 19, 2020, a campaign that emitted several waves of phishing emails purporting to originate from the World Health Organization (WHO) as a whole or from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO.
The emails instructed recipients to open an attachment for the purpose of receiving updated instructions on how to fight the coronavirus. This attachment was an archive that, when opened, revealed “Coronavirus Disease (Covid-19) CURE.exe.” When run, this executable loaded HawkEye, a keylogger which is capable of intercepting keystrokes, stealing credentials, taking screenshots, and exfiltrating its stolen data.
Extortion Emails that Threaten to Infect You with Coronavirus
The Sophos Security team learned about a phishing email scam in which digital attackers claimed to know “every dirty little secret” about their recipients. They tried to prove it by sharing one of the recipient’s passwords that no doubt appeared in a data dump pasted from a recent breach on an underground web forum. They then demanded that the recipients pay $4000 in bitcoin to have the attackers delete their data.
Hoax CDC Calls Asking People to Reserve COVID-19 Vaccines
The Daly City Police Department in California recently learned of a call-based scam abusing COVID-19 as a lure. In a tweet posted on Twitter, they warned that people impersonating the Centers for Disease Control and Prevention (CDC) had begun calling people and urging them to “reserve a vaccine for the COVID-19” with a credit card. Some of these individuals even went so far as to ask their targets to provide them with their Social Security Number.
Scams Promising $1K Checks for Economic Relief to Pandemic
The scam specifically sent out attack emails that capitalized on legislation in which every American adult would receive $1,000 checks as part of a $1 trillion stimulus package responding to COVID-1, as reported by the New York Times.
In this particular scam, it is claimed that their targets’ checks were already waiting for them. All they needed to do was to provide their personal information, bank account data and Social Security Numbers—nearly everything they needed to perpetrate identity theft.
The FCC website has actual audio samples of scams people might hear.
Online tool to guard against COVID-19 scams
Go to Better Business Bureau Scam Tracker. On the left of the screen, where it says “search for scams,” go to the “scam type” section and click on “COVID19.” Anyone who has come across a scam can report it there, which will allow the Better Business Bureau to investigate it and make others who visit the site more aware.
Better Business Bureau
The Better Business Bureau has a page regarding coronavirus with tips and alerts on topics such as the state of daycare; price gouging; and navigating the crisis as a business.
Federal Trade Commission Action
The Federal Trade Commission has tips which include hanging up on robocalls; ignoring online offers for vaccinations and home test kits; and more. In addition, the FTC and FDA have jointly issued warning letters to seven sellers of unapproved and misbranded products, claiming they can treat or prevent the Coronavirus. The companies’ products include teas, essential oils, and colloidal silver.
Department of Justice
The United States Department of Justice is providing information on how to stay safe from scams and other crimes regarding COVID-19 as well as resources if you think you have been a victim.
Department of Treasury
According to the U.S. Department of Treasury, if you receive calls, emails, or other communications claiming to be from the Treasury Department and offering COVID-19 related grants or stimulus payments in exchange for personal financial information, or an advance fee, tax, or charge of any kind, including the purchase of gift cards, please do not respond. These are scams. Please contact the FBI at so that the scammers can be tracked and stopped.