COVID-19 Scams

Cybercriminals are opportunists who take advantage of changing events to look for victims.  With the global pandemic we are experiencing in COVID-19, be on the lookout for the following scams:

You Can’t Buy a COVID-19 “Cure”

Many of the COVID-19 scams going around involve attempts by companies and individuals to sell products they claim to prevent or cure the novel coronavirus.  But the novel coronavirus is exactly that — new — and there is no known cure yet.  Vaccine trials are underway, but any scalable results are months away at best.

Phishing Emails

Don't let the pandemic lower your guard.  Phishing emails will still persist, even if the theme changes.  To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page.  Be on the lookout for the following:

  • Examples of phishing email subject lines include:
    • 2020 Coronavirus Updates
    • Coronavirus Updates
    • 2019-nCov: New confirmed cases in your City
    • 2019-nCov: Coronavirus outbreak in your city (Emergency)
  • Always look at the sender email address, not just the sender name.  It's easy to spoof the name, but harder to spoof the email address (but not impossible).  For this exercise, the email came from noreply@radford.university, not noreply@radford.edu.
  • If an email ends up in your junk mail folder, it is likely spam or it is spoofed to look like someone else sent it. Again, check the sender email address carefully.
  • Does the email generate a sense of urgency?  Cybercriminals use this tactic to speed past your better judgment to take action and is a tell-tale sign that it's a phishing email.  
  • Did the email require you to enter a password?  Radford University’s Division of Information Technology (DoIT), and email from legitimate banks or other sites, will NEVER ask for your password.
  • If you are logging into a Radford University website, always verify the URL you are logging into is https://sso.radford.edu. That is our only Single Sign On (SSO) website.  The URL is visible in the search bar of your browser.
  • If an email seems suspicious, feel free to forward the email to itsecurity@radford.edu and request IT Security take a look at it for you.

Phishing Text Messages

Most phishing attempts come by email but groups have observed some attempts to carry out phishing by other means, including text messages (SMS).

Historically, SMS phishing has often used financial incentives—including government payments and rebates (such as a tax rebate)—as part of the lure. Coronavirus-related phishing continues this financial theme, particularly in light of the economic impact of the epidemic and governments’ employment and financial support packages. For example, a series of SMS messages uses a UK government-themed lure to harvest email, address, name, and banking information. These SMS messages—purporting to be from “COVID” and “UKGOV” —include a link directly to the phishing site.

In addition to SMS, possible channels include WhatsApp and other messaging services. Malicious cyber actors are likely to continue using financial themes in their phishing campaigns. Specifically, it is likely that they will use new government aid packages responding to COVID-19 as themes in phishing campaigns.

Malware Distribution

Cybercriminals are using COVID-19 themed lures to get you to open malware-infected files.

  • They may try and get you to click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware. For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install "CovidLock" ransomware on their device.
  • They may try and get you to open a file (such as an email attachment) that contains malware.  For example, email subject lines contain COVID-19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”.
  • If you open a COVID-19 related email attachment from an unknown sender, please contact itsecurity@radford.edu immediately so that we can evaluate the attachment and determine if your computer has been infected with malware.