Scammers rehash old campaigns, create credit card-stealing websites and repurpose information channels to milk the COVID-19 crisis for all it’s worth

Another week of the COVID-19 pandemic is almost behind us, with countries charting out paths to recovery and in many cases moving to shake off some of the lockdown restrictions.

Meanwhile, the crisis has brought out the worst in con artists, who have been exploiting every trick in their playbooks of scams to defraud people. Indeed, for weeks they have been hard at work impersonating legitimate sources of information on the pandemic and launching new fraudulent online marketplaces offering deals on products that are in short supply, such as respirators and hand sanitizers.

In part four of our series on COVID-19-related scams, we share a few examples of recent campaigns targeting your money and personal data. More examples of scams that seize on concerns surrounding the pandemic are available in these three articles.

Mapping out a scam

The most popular COVID-19 map was developed at the Johns Hopkins University by Professor Lauren Gardner, a civil and systems engineering professor, and her graduate student Ensheng Dong. It allows researchers, public health authorities and the public to track the pandemic’s progression and provides useful statistics. Since everyone is trying to be up to date on the latest developments, that makes the organization an ideal target for scammers to impersonate.

In the example below, you can see an example of a fraudulent map impersonating the Johns Hopkins map, with some extra features such as pop-up ads and a chat window. If you click on any part of the map, it will try to redirect you to a phishing website, which will try to scam you out of your personal data or attempt to steal your login credentials or even download malware to your computer.

WHO let the app out?

As individuals struggle to remain on top of the influx of daily information, they usually rely on the media and their local and international health authorities. The World Health Organization (WHO) remains one of the best and foremost sources of information on the COVID-19 pandemic, and so it probably comes as no surprise that it is one of the authorities most impersonated by fraudsters.

In recent campaigns, scammers have pretended to be WHO officials, while emailing victims with bogus information. These emails included either a link or an attachment, which then lead to malware making its way to your computer. But now the bad actors have upped their game by creating a website impersonating the WHO, as demonstrated in the example below.

The website tries to trick the victims into downloading a fraudulent application claiming to have COVID-19 information and instructions. Once they click on the download button, it instead downloads malware to the computer. Depending on the victim computer’s location, and other factors, different payloads, varying from information stealers to ransomware, are downloaded to the computer,

A fake one-stop-shop for your pandemic needs

Due to a shortage of personal protective equipment and hygienic products such as hand sanitizers, fake online stores have proven to be a popular way for scammers to defraud victims. Especially face masks are the search term du jour.

In fact, they are so popular that in the next example the scammers are offering them on a website that sells smartphones and apparel as well – a one-stop-shop for all your quarantine needs. As many of these online shops are clearly fake, it seems likely that your credit card data will be siphoned off if you attempt to go through with purchases on these sites, especially if the prices seem unusually good.

Philanthropic spirit of sharing the wealth

Another scam that has remained popular with fraudsters is preying on people who have fallen into financial difficulties or can be cajoled into thinking that they can make easy money. In the example below, someone posing as a wealthy businessman claims to be diagnosed with COVID-19 and, in an attempt to redeem his soul, wants to share his vast wealth with charity organizations. He just needs your help to do it and for that, he will pay handsomely. Although the request sounds charitable, it is a scam. Once the victim engages in communication, the scammer will try to bilk the victim out of increasingly greater amounts of money with false claims of fees, unforeseen costs and bribes needed to finally release the ensuing fortune.

It is safe to say no businessman worth his salt would be careless enough to rely on the goodwill of strangers to access their wealth.

Beyond the subject line

Dating and romance scams are quite widespread and have defrauded victims out of millions of dollars over the years. In the example below aimed at German speakers, the scammers apparently thought the phrase “sex sells” applies to a pandemic as well, even if many countries are advising social and physical distancing and limiting travel. The email itself offers access to a dating service that apparently doesn’t concern itself with the age of the customer, which should already be cause for alarm.

The body of the message translates as follows: “It doesn’t matter how old you are. Our hookup dating site has been created so that you can communicate anonymously with various girls. Have sex now. The girls themselves get in touch first and want sex. We guarantee the protection of your personal data. Here is this site: HappySweetDating. Click and go through the quick registration process.”

Astonishingly enough, the only link to the pandemic is the subject of the email that states “stop the spread of COVID-1 (sic)”, which makes no sense since it goes against the advice and directives of governments worldwide to limit physical interaction.

In conclusion

These are by far not all of the tricks scammers have hidden up their sleeves, but it goes to show how low they’ll sink by playing on the confusion and fears surrounding the crisis.

So, it’s best to remain alert and keep out of harm’s way, both in real life and on the internet. Here are some pointers that should help you stay safe:

  • Do not click on any link nor download any files in an email if you cannot verify the source independently. And even if the email comes from a source you trust, doublecheck with them if they really sent it. Don’t forget to scan the attachment with an endpoint software to see if it’s safe to open
  • If you want to have up-to-date information, rely on trusted sources like the official websites of health organizations or the news. Visit only reputable sites like WHO (who.int) and Johns Hopkins (https://coronavirus.jhu.edu/map.html). Due to high demand, load times may be slow. It’s worth the wait
  • Scrutinize offers that seem too good to be true or suspicious, and never purchase anything from an unverified vendor. If you’re in doubt, even in the slightest, do not purchase anything from the vendor under any circumstances. Neither click on links nor open attachments for that matter. Always look for reviews about the vendor and evaluate them
  • Don’t reply to unsolicited emails from strangers and especially if they ask you to provide any kind of personal information
  • Always use a reputable security endpoint solution that can protect you from malware, phishing and other kinds of cyberthreats

Related reading

Beware scams exploiting coronavirus fears
Coronavirus con artists continue to spread infections of their own
Scams, lies, and coronavirus

ESET has been here for you for over 30 years. We want to assure you that we will be here in order to protect your online activities during these uncertain times, too.
Protect yourself from threats to your security online with an extended trial of our award-winning software.
Try our extended 90-day trial for free.

1 May 2020 – 11:30AM

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)