1:15pm, 26 March 2020
Attackers using COVID-19 themed scams - updated alert
CERT NZ has received reports of online criminals using the COVID-19 (novel coronavirus) pandemic as an opportunity to carry out online scams and malicious cyber activity.
Reports include opportunistic attempts to use the COVID-19 pandemic to trick people into:
- donating to a fake World Health Organisation COVID-19 Response Fund
- paying a bitcoin ransom under the threat that their family will be infected with COVID-19
- downloading malware from COVID-19 maps, or
- entering their details into phishing websites.
What this means
Scammers and attackers are using the public interest in COVID-19 to create opportunistic online scams and attacks.
Our international partners have shared reports of the following types of scams and attacks.
Some people are receiving emails claiming to be from the World Health Organisation (WHO). These emails have COVID-19 in the subject line, and ask the recipient to donate to the WHO COVID-19 Response Fund through their digital wallet. These emails are not from the WHO, and any money donated will go to the scammers.
Phishing emails claiming to have updated COVID-19 information
People have also been targeted by coronavirus-themed phishing emails, with infected attachments containing fictitious ‘safety measures’. Rather than containing health information, the link installs malicious software on your device that’s designed to steal personal information.
We’re also aware of similar emails being circulated that encourage people to fill in their email and password before they can get information on COVID-19. These are not legitimate, and are an attempt to steal personal information.
These phishing emails claim to be able to provide:
- information on new cases of COVID-19 in your city
- a guide on pandemic survival.
Webcam extortion emails
Some scam emails ask recipients to pay money to the sender, who otherwise threatens to circulate video footage of the recipient in compromising positions. This is a common scam, but newer variations threaten to spread coronavirus to the recipient’s family if they don’t pay the ransom. The emails are designed to scare the recipient into paying the money.
Fake coronavirus maps
Security researchers have identified a new campaign where the attackers claim to have a ‘coronavirus map’ application that people can download onto their devices. Instead, the application is malware, designed to steal sensitive information from the device it is downloaded onto, such as passwords.
Text message scams
Reports have been received in Australia of COVID-19 themed scam text messages containing a link that claims to direct people to testing facilities. This link is not legitimate and may instead install malicious software on your device that’s designed to steal your personal information, such as banking details.
What to do
CERT NZ recommends that anyone looking for COVID-19 information look to their regular news sites and official government websites.
Official information and all government updates on COVID-19 are collated on the govt.nz website.
NZ Government advice on COVID-19
CERT NZ advises the following:
- Be sceptical of advice that doesn’t come from official sources, particularly if it’s been sent to you unexpectedly.
- If you’re unsure if an email, text or any other communication is genuinely from a legitimate source, don’t click on the link or open the attachment. Contact the organisation via their official contact channels and ask.
- Protect your passwords and login credentials. Don’t enter these into any websites relating to the COVID-19 virus.
- Keep your devices up to date.
- Keep your anti-virus up to date and run regular checks.
- Report suspected malware or phishing attempts to CERT NZ.
COVID-19 fraud schemes - Interpol
COVID-19 scam messages – Stay Smart Online
Coronavirus phishing attacks – NCSC UK
If you require more information or further support, submit a report on our website.
Report an incident to CERT NZ
For media enquiries, email our media desk at firstname.lastname@example.org or call the MBIE media team on 027 442 2141.