COVID-19 Scams

Goals

To provide a daily digest of new COVID-19/Coronavirus-related scams.

Early Findings

A listing of specific known, and of types of scams being seen as a result of the COVID-19 pandemic has been provided in the attached spreadsheet. Additional findings regarding generalities in scams since the start of the pandemic are provided below.
  • Jiri Kropac, a researcher at cybersecurity firm ESET, saw a spike of 2,500 infections from two malware strains spread by coronavirus-themed emails on Monday, according to a Forbes report, with another company, Proofpoint, saying the number of attacks so far have perhaps been the largest its ever seen set around a single theme.
  • Coronavirus/COVID-19 based domain names have been registered that could be used to infect users with malware—addresses like coronavirus-map[.]com, coronavirus[.]app and vaccine-coronavirus[.]com.
  • A number of scams involving coronavirus maps that mimic the legitimate Johns Hopkins' resource, with the program's designer Esri commenting on the confusion saying "Whomever posted the malicious downloadable app is attempting to take advantage of the strong public interest concerning the coronavirus, but it requires the user to either download the app executable or it could be distributed by email for the user to then install onto their local Windows system" have been identified.
  • Phishing emails that disguise themselves as coming from the Center for Disease Control and Prevention and the World Health Organization.
  • According to the National Fraud Intelligence Bureau, UK residents lost over $1 million to scammers in February 2020.

Proposed next steps:

You need to be the project owner to select a next step.