The coronavirus creates outbreak of scams and malware

May 13, 2020

Why cybersecurity is more important now than ever before

The coronavirus creates outbreak of scams and malware

While you’re trying to protect your family and your employees from COVID-19, cyber criminals could be trying to infect your computer with malware that steals your personal information and money. The scammers are also hawking fake cures, bogus charities and false promises for stimulus payments. It’s an epidemic of fraud. Top security experts say criminals are preying on our sympathy, fears and isolation.

“Because cybercrime is up even more during this pandemic, more companies are vulnerable,” said Jennifer Robertson, CEO of Red Maple™, “That means we need to be even more vigilant with online security so that privacy doesn’t become a casualty of the virus.”

During this crisis, more companies have their teams working remotely. Most of us are sheltered at home without a support network and have more time to surf online as well. We’re a captive audience for cybercrime. No one is immune.

The numbers are alarming. Check Point Research reports more than 51,000 coronavirus-related domains have been registered since the beginning of the year and 9% of them are malicious or “suspicious and under investigation.”

Complaints about the websites have surged in recent weeks. The Federal Trade Commission (FTC) says in the first week of April 2020, coronavirus-related reports topped 18,235. In those complaints, consumers reported losing $13.4 million, or about $600 per person. There are so many scams happening now, the FTC created the FTC Bingo game, listing the ways people can get swindled.

Here are the top seven schemes and how you can beat them:

Phishing emails and texts

1. Phishing emails and texts

Phishing emails and texts include links to legitimate-looking agencies that ask for sensitive information like passwords and credit card numbers. Clicking on the links can prompt malware to download that steals web browsing data and tracks keystrokes.

Simply click on the example on the left where phishers pretend to be with the World Health Organization.

What you can do: Experts say you should keep security software up to date on your computer and cell phone. Set up your accounts to use multi-factor authentication. Also use a password manager to auto-fill credentials for true websites and block sites that look similar but are fraudulent. Also, don’t click links or download attachments from questionable sources. Instead, go directly to the agency or organization.

Fake cures and tests

2. Fake cures and tests

Websites are peddling fake treatments such as essential oils, teas and colloidal silver. In Southern California last month, FBI agents arrested an actor after he claimed he developed a coronavirus prevention pill, then delivered the phony treatment to undercover agents. In Georgia this month, FBI agents arrested a man for allegedly soliciting and receiving kickbacks from testing companies in exchange for referring people for Covid-19 tests they didn’t need.

What you can do: Just say no. Don’t respond to any unsolicited emails, texts or calls. If you want the latest news on treatments, visit credible government sites. If you have medical questions, call your doctor. If you see fraud, please report it to the FDA.

Fake charities and GoFundMe pages

3. Fake charities and GoFundMe pages

Emails and social media posts are asking for donations to help coronavirus victims and their families. But some of the charities and GoFundMe pages are fake. The con artists try to fool you by using pictures and stories of actual victims. Worst of all, your money will go to scammers and not the people who really need the help.

What you can do: If you want to contribute to a charity, go directly to their website and give. Only donate to those you trust. Verify the charity first through Guide Star, CharityWatch, and Charity Navigator.

Look for clues the sites or emails are bogus. They will often have misspelled words and poor grammar. The charity scams will use URLs that are similar to legitimate organizations to trick you. So, read the URLs carefully and keep in mind that most authentic charity sites will end in .org instead of .com. Finally, if anyone asks for payment in wire transfers or gift cards, it’s probably a con.

Coronavirus spying apps

4. Coronavirus spying apps

While Google and Apple are making news about a new framework that allow cell phones to sound an alert if someone nearby has coronavirus, scammers are getting in the game. They’ve created apps with similar names that take control of your devices. People using the malicious apps think they are tracking the virus, but the apps are actually accessing the device’s photos, contacts, files, location and camera. The camera access allows the attackers to take photos and record videos and audio, according to the mobile company Lookout.

In all, Check Point Research has discovered more than 16 malicious apps that promise to protect people from the virus, but actually steal banking credentials.

What you can do: Only download apps from official app stores, such as Google Play. Do not download apps from third parties. When unsure about an app, seek advice from reputable sites. Also check to see if the apps have been verified and reviewed by consumers.

The no-delivery scam

5. The no-delivery scam

Online sellers claim to have cleaning products like hand sanitizers and medical supplies, but once you place an order, they never deliver. The sites use tricks like ‘limited time deals’ to get you to buy quickly and order more, according to Scam Tracker reports.

What you can do: The Better Business Bureau says phony online stores are on the rise, especially for critical items like face masks. But don’t bite. Not only will they take your money, the sites can also steal your credit card information. Only purchase from established retailers or local businesses that you know and trust.

Fake work-at-home schemes

6. Fake work-at-home schemes

Con artists are preying on the desperation of people who have lost their jobs with promises they can work from home and make a lot of money. What they’re really after is your money. They’ll try to get you to pay for training and supplies. But there’s no job.

What you can do: The (FTC) says you should never pay money to earn money. Also, don’t share any personal information such as your social security number until you’ve done your research. Search online for the name of the business and the words “complaint” and “scam.”

Government stimulus check scam

7. Government stimulus check scam

The FBI is warning people that scammers may call and ask for financial or personal information in order to get the federal coronavirus stimulus check. Other fraudsters are calling people asking for a $50 processing fee.

What you can do: The IRS says it won’t contact anyone about the checks. The checks will be mailed or deposited directly into accounts. If you have questions about the check, go directly to the Internal Revenue Service website.

When it comes to cybersecurity, Check Point Research says attacks related to COVID-19 are on the rise. In fact, there’s an alarming 2,600 attacks every day. Businesses with poor security practices are getting hit the hardest. The most popular video conferencing platform is now under investigation for lax security and breached personal data. Just when we need it the most, many companies are failing to protect us. The New York Times has called the pandemic an excuse for companies “to seek the rollback of the modest privacy protections that exist.”

Long before the crisis, we at Red Maple have made it our mission to fight online crime and fraud. Our solution is called StagedPay. The program takes security to a new level. With StagedPay, merchants never get a customer’s entire credit card number, so even if the business is hacked, criminals can’t use the information. The customer keeps full control by entering account numbers into a secure site that requires two-step authentication and verification.

“StagedPay eliminates the risk of hackers crippling companies by stealing private information because the credit card numbers simply won’t be there. Likewise, it will also prevent employee fraud and theft,” said Patrick Hodo, CIO of Red Maple.

To learn more about StagedPay software for small, medium and large merchants, visit

Get the most out of Microsoft Dynamics

Find out how you can expand MS Dynamics' capabilities with our turnkey software solutions.

Find out if our Microsoft Dynamics extensions and solutions are a good fit for your corporation by scheduling a free demo.

<< back to blog