COVID-19 has been deemed a worldwide pandemic, leading many concerned individuals to turn to the internet for current and updated information. Unfortunately, this is exactly what cybercriminals, hackers, and even government spies knew the public would do. Multiple news and public safety outlets are reporting a variety of email phishing scams, fake websites, and fake maps aimed at stealing information or infiltrating networks of unsuspecting individuals.
Potentially Dangerous Websites
There is at least one malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University circulating on the internet. Visiting the website infects the user with the AZORult trojan which can steal information from your device unknowingly. The National Guard says it is being spread through email attachments, advertisements, social media, and online searches for COVID-19 information.
(See below example of the Johns Hopkins University coronavirus tracking map that hackers copied in order to spread malicious software that steals personal information. Picture from Miami Herald.)
A cybersecurity company called Recorded Future, along with an anti-virus testing service called VirusTotal, have identified many potentially dangerous websites:
Unfortunately, these are just some of the websites that have been identified as potentially dangerous. In order to avoid visiting potentially dangerous websites, consider typing in website addresses directly and only visiting websites that you know are reliable and safe.
For more information on how to identify a malicious website, check out this article by Tech Guy Labs.
Phishing emails are designed to get the recipient to click on a link or attachment within the email. Clicking on the link or attachment is what gives the virus access to your device. One such scam was sent by a seemingly legitimate email address of [email protected][.]gov offering information regarding the virus.
(See examples of actual phishing emails below. The first is an email seeking to take advantage of the panic that COVID-19 has caused. The second is a document that was sent pretending to offer advice, but actually infecting unsuspecting victims when they open the document. Found on Forbes.)
Any time unsolicited email communication is received, it should be regarded with caution. The safest thing to do if you aren't sure about the email is to delete it without clicking on any links or attachments. Some email providers even give the option to report the email as phishing, which helps identify and shut down scams.
For more information about identifying a phishing scam, check out this article by the Federal Trade Commission.
What to Do if You are a Victim
If you believe you may have visited a malicious website or clicked on an email phishing scam, the first thing you can do is run your antivirus software. Disconnect your device from the internet and run a full software scan. This may identify and isolate a virus on your device.
If you are still unsure if you have a virus, or if you are interested in protecting your device from future infection, contact us at Hopper Corp and we would be glad to help.