If you thought scammers would have a heart and stop their game throughout the activities, think again.
Keeping yourself safe is one of the most important things you can do right now, and that likely means self-isolation, but it also means being aware of what’s being sent your way online and through your phone.
We’re online more than ever at the moment, be it for school, work from home, telehealth, or just plain browsing the web, and scammers are more aware of that than ever, as well, employing scams to get us to hand over money, or just call them back and have it be taken from our bills.
The approach is still largely the same on email, though, but the premise is a little different. Instead of the usual tax scam, cyber criminals are hoping the threat of the COVID-19 coronavirus will be enough to get you to read, and then to act, losing out on money in the process.
We’ve seen a few, and the latest appears to be a fake donation form purporting to be from the World Health Organisation (WHO), requesting a donation for what’s called the “COVID-19 Solidarity Response Fund”, which does appear to exist, just not in this way.
The official Solidarity Response Fund can be found at the WHO’s website, but the one you’re being sent an email of just isn’t right.
Sophos Labs this week received this scam, and like others, you’ll want to pay attention to the email address which isn’t quite right, the Bitcoin donation mechanism (which is hardly consumer friendly), as well as the lack of attention to detail in the words like “donation” which are instead spelled “donationtion”.
“These emails are fake, but very real looking and take advantage of new and until recently unheard of charitable organisations,” said Chester Wisniewski, Principal Research Scientist at Sophos.
“The tell-tale clue is the request for Bitcoin, rather than credit cards or other currency,” he said. “Due to the ability to trace and stop real wire transfers and credit cards, criminals prefer to rely on crypto-currencies to attempt to preserve their anonymity and freedom and the Bitcoin payment request seen here is a sign that something isn’t right about this email. We haven’t seen the novel nature of this attack before – impersonating charities around COVID-19.”
It’s not just the scammers sending out coronavirus emails, though, because we’re beginning to see a return for older scams, such as the Wangiri phone scam.
With more of us at our phones at home, it’s not surprising to see this one back, which involves scammers using an international phone number to call once and then hang up. The Japanese translation of “wangiri” is “one and cut”, and that’s crucial to know because this is a scam where callers intentionally call and hang up on the hopes that you’ll call back to find out what you were called for.
Wangiri phone calls are a known way for scammers to make money, and play off our desire to know why we were being called, with international phone numbers not only a great way to convince us that the call was important, but also a great way to charge money. If the call is through an international dialing code you’re not familiar with — and all typically are — it’s likely the scammer is working with one that has a hefty price attached to it, with the scammer likely to keep you on the line for as long as possible to charge up plenty to your account.
While the premise of this scam is typically about keeping you on the line artificially for as long as possible, we wouldn’t be surprised to learn Wangiri scammers are leveraging the COVID-19 coronavirus, and we’ve seen a similar approach in the use of calendar scams lately.
“Any time the public’s interest becomes fixated on a topic, scammers, spammers and malware authors latch on to the news and are determined to find a way to exploit the opportunity,” said Wisniewski.
“We’ve seen this type of activity in the past, but rarely is the whole world so focussed on one thing, making this chance to develop scams a little too good to be true for cybercriminals.”
That means it’s likely to get worse. As more and more countries go on lockdown and online criminals become more aware that an increase population will be on their phones and computers all the time, you can more or less expect the scams to ramp up.
As such, you should always look for the signs.
If you get an email:
- Do you know who the email is from?
Check not just what the name says, but what the email looks like, and work out if it’s really legit. Would a government or major organisation write you from their official domain, or from a random one you’re not familiar with?
- Is there something fishy about the writing?
Scammers like tricking, but they don’t always have attention to detail. Check for poor spelling and grammar, because scammers don’t always think about that.
- Are you being asked to hand over money?
Shock horror: scammers want your money. It’s how they make theirs. But they won’t always use a website, and they can’t just latch onto the official one, so they’ll either ask you to click on a link to take you to a faked website designed to look legit, or give you an untraceable Bitcoin code to use. If you do want to donate to a fund, search for the real one on Google, and see what the search engine turns up. Google is doing a lot of work to make sure the coronavirus results it delivers are legit, which scammers typically won’t be able to compete with.
And if you get a phone call, remember to question if the phone call is from someone you know, or if it just seems out of the blue.
If you don’t know the number, don’t call it back immediately. If it was important, someone would have left a voicemail or will try calling back.
Scammers will do anything to relieve you of money, and to deposit that money into their own bank accounts. It doesn’t matter that the world is in crisis to them, because just lends them the power to abuse that fear.
You can do what you can to not let them take hold of that fear, and pay attention to their moves to make sure they lose out.