During this time of heightened awareness and protection against potential health risks associated with COVID-19, there is also an increased risk in scam methods used by cybercriminals.
The Army Criminal Investigation Command warns the community that some phishing campaigns prey on would-be victims’ fear, while others capitalize on the opportunity created by hot news topics. The COVID-19 pandemic presents cybercriminals with a way to combine both into a dangerous, one-two punch.
Most recently, the Johns Hopkins University COVID-19 interactive map has been hacked by cybercriminals. The hackers are selling copies of the interactive map as a malware tool used to steal passwords and user data.
A significant number of additional coronavirus-related domains have been registered. CID officials warn users to not open attachments or links in emails coming from such domains.
Below is a list of websites that have recently shown signs of malicious behavior detected by anti-virus software: coronavirusstatus.space; coronavirus-map.com; blogcoronacl.canalcero.digital; coronavirus.zone; coronavirus-realtime.com; coronavirus.app; bgvfr.coronavirusaware.xyz.
CID special agents remind everyone to be alert and suspicious and take extra steps to verify information before agreeing to anything. Without being suspicious, you could be putting someone’s personal or financial information at risk.
According to CID officials, individuals should be suspicious of anyone who approaches or initiates contact about coronavirus; and anyone not known, or with whom conversation was not initiated, who offers advice on prevention, protection or recovery, especially if they ask for money.
Cybercriminals may use a variety of approaches, including
• Someone claims to represent the health department who emails you or comes to your door and tells you of the risks of COVID-19 and offers vaccination or other testing. The health department will not do this. If this happens, call your local police department immediately.
• Someone claiming to be from your bank or an investment firm who you do not already have a relationship with, who offers investment alternatives to protect you from economic and market uncertainties.
• Someone who threatens you with repercussions, like arrest, prosecution or confinement, if you don’t pay a fee.
• Someone claiming to be from a hospital where a loved one is being treated for the virus but needs money urgently before lifesaving treatments can be rendered.
• Someone claiming to be your friend stuck in a foreign country and can’t get home unless a “virus prevention” or other outrageous sounding fee is paid.
• Unsolicited emails offering expert advice or information, which can contain malware or links to sites with malware.
• Someone asking for any personally identifiable information, bank account or financial information, or information about family members.
• Someone claiming to be from computer support who tells you your computer is infected with coronavirus and offers to repair it. Computers cannot be infected by coronavirus.
Remain vigilant and take precautions against cyber scams. Always use trusted sources; avoid clicking on links in unsolicited emails, IMs, or texts; avoid opening attachments in unsolicited emails; do not reveal personal or financial information in email, IMs, or texts; and verify a charity’s authenticity before making donations.
Reputable websites relating to the coronavirus are from the CDC; World Health Organization; U.S. Department of Health and Human Services and Food and Drug Administration; the government’s coronavirus website; state, county and city health departments; local hospitals; primary care physicians; clinics where you get medical services.