Scammers and attackers are using the public interest in COVID-19 to create opportunistic online scams and attacks.
Our international partners have shared reports of the following types of scams and attacks.
Some people are receiving emails claiming to be from the World Health Organisation (WHO). These emails have COVID-19 in the subject line, and request the recipient donate to the WHO COVID-19 Response Fund through their digital wallet. These mails are not from the WHO, and any money donated will go to the scammers.
Phishing emails claiming to have updated COVID-19 information
People have also been targeted by coronavirus-themed phishing emails, with infected attachments containing fictitious 'safety measures’. Instead of the link containing health information, it instead installs malicious software on your device that’s designed to steal personal information.
We’re also aware of similar emails being circulated that encourage people to fill in their email and password before they can get information on COVID-19. These are not legitimate, and instead are an attempt to steal personal information.
These phishing emails claim to be able to provide:
- information on new cases of COVID-19 in your city
- a guide on pandemic survival.
Webcam extortion emails
Some scam emails are asking recipients to pay money to the sender or they will circulate video footage of the recipient in compromising positions. This is a common scam, but newer variations are threatening to spread coronavirus to their family if they don’t pay the ransom. The emails are designed to scare the recipient into paying the money.
Fake coronavirus maps
Security researchers have identified a new campaign where the attackers claim to have a ‘coronavirus map’ application that people can download onto their devices. Instead, the application is malware, designed to steal sensitive information from the device it is downloaded onto, such as passwords.
Text message scams
Reports have been received in Australia of COVID-19 themed scam text messages that have a link that claims to direct people to testing facilities. This link is not legitimate and instead may install malicious software on your device that’s designed to steal your personal information, such as banking details.