The US and UK governments have issued a new alert, warning users to avoid clicking any suspicious email or text message links related to government relief funds.
The alert, titled "COVID-19 Exploited by Malicious Cyber Actors" highlights the many ways the coronavirus pandemic is being exploited by bad actors. It was released as a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC).
According to the announcement, government security agencies are seeing an influx of COVID-19 related scams, put out by advanced persistent threat (APT) groups and cybercriminals. Like many scams, the perpetrators rely on both fear and trust to trick their targets.
The most common of these scams are phishing scams. A malicious party pretends to be from a reputable organization — such as the government or the victim's bank — and sends them an email or text message. The message will often state that a victim's account needs to be verified or that they need to provide additional information through a provided link. The information can then be used to log into the account in question.
New malware is also being distributed, using coronavirus or COVID-19 themed lures. By installing malware onto a victims computer, a cybercriminal can monitor the user's activity and siphon login data from sensitive sites, such as credit card and bank websites. Malware often masquerades as attachments in emails or files shared on social media.
"NCSC has observed various email messages that deploy the "Agent Tesla" keylogger malware. The email appears to be sent from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO," reads the alert. "This email campaign began on Thursday, March 19, 2020. Another similar campaign offers thermometers and face masks to fight the epidemic. The email purports to attach images of these medical products but instead contains a loader for Agent Tesla."
Lastly, the announcement reminds people to be safe when using virtual private networks (VPNs) and video conferencing software. There are known vulnerabilities affecting VPN products from Pulse Secure, Fortinet, and Palo Alto. There are known scams related to video conferencing software released by both Zoom and Microsoft Teams.
It is essential to realize that the government — whether in the U.S. or U.K. — is not going to send out any information via text or email that will result in getting a relief payment. While many tech-savvy folks already know this, it may be a good time to refresh less tech-savvy people on how to keep themselves safe from scams.
12 Comments
Makes a change from the Netflix and Amazon phishing emails that seem to plague most of us these days.
I think it’s time to enact a wartime law that mandates summary execution for scammers who are caught and convicted. Conduct drone strikes on scammer call centers in India and Pakistan. Take ‘em out. I’m tired of getting calls from the IRS and Social Security warning me there’s a warrant out for my arrest if I don’t pay money right then and there. I actually took the time once to talk to one of these people. I asked where they were and then asked if they Muslim or Hindu. Then I asked them what their faith had to say about stealing from the elderly. One guy admitted there were no jobs where he lived and this was the only thing he could do to support his family. I’m sure he was immediately fired after the call.
Of course Covid-19 scammers are out in force because of all the fear and panic being instilled in the population by the news media with their announcements of the latest death tolls while sinister music plays in the background. They promise Facts Not Fear but are doing the exact opposite. Now the ‘experts’ appear to be backing off their apocalyptic predictions but what does really mean? Were they wrong in the first place or has the social distancing having an effect? It will be interesting in the coming months when investigative journalists dig into the facts and fictions of this episode.
Wait!
What?
Steve Munchkin is not going to Venmo my money to me?
I look forward to getting my virus direct deposit soon.
I don't really need it, so I have to figure out what kind of goodies I'm going to get with it. I don't need anything from Apple right now, so I'll have to come up with something else. I'm probably going to treat myself to something nice.
As for these scams, of course lowlife criminals and scammers are going to be taking advantage of the current situation, it's what they do. I don't disagree with Lkrupp, serial scammers should be sentenced to death. I have no problems with that. One single scammer can cause a lot of problems and headaches for a great many people. Scammers should be eliminated, just like we try to eliminate certain diseases.
I'm not worried about scams myself, as I can easily spot them from a mile away. Most scammers are very stupid people who aren't very intelligent and many can barely write in proper English. When you receive an email from a "major company" that's full of grammatical errors, that looks like it was written by a third world dunce, that would be a good tip off for most people who are paying attention. But I do sometimes get calls from relatives asking me about certain emails that they get, like an email from "Apple", asking them to reset their password. I tell them to not open the email, do not click on anything at all in the email, and just trash it immediately. I also love when I get emails from "Facebook", asking me to reset my password. I'm not even on Facebook. That's a slight give away.
Many people on this site are probably tech savvy, but the average person, including many of our family members and certain friends are not and I suppose that some of them are susceptible to being scammed.
The internet is no place for the uninformed and the naive.