Page 115 - Cyber Defense eMagazine for July 2020
P. 115
Donation Solicitations - The Most Dangerous COVID-19 Phishing Scam
Global pandemics like COVID-19 bring out the humanitarian side of people in a substantial way.
Generally, people donate generously towards their respective National Disaster Relief Funds, and
research funds set up by their governments. There have been numerous incidents of cybercriminals
taking advantage of such philanthropic activities. One of the most notorious modus operandi is to design
fundraising pages that not only mislead users into donating money but also steal sensitive personal
information. Using such information, like names, email addresses, phone numbers, credit card details,
and internet banking usernames and passwords, these malicious actors accept money using the names
of disaster relief funds.
COVID-19 Vaccine and Cure Scam - The Most Ingenious COVID-19 Phishing Attack
While researchers are struggling to find an antidote for the coronavirus, numerous fake websites
advertising medicines and vaccines have sprung up on the internet. More than 20,000 new COVID-19-
related domains have been registered in the past few weeks. These websites also claim to sell COVID-
19 personal protective kits like face masks, sanitizers, hand gloves, medical combinations like
Hydroxychloroquine, Remdesivir, and so on. Such fraudulent websites ask for the full payment in
advance and unsuspecting people end up parting with their money only to discover that they have been
a victim of cybercrime. Amazon itself reported over a million fake products in this category over the past
couple of months.
Detective, Preventive and Protective Measures Individuals & Enterprises Can Adopt
Cybercriminals play on the psychology of the victim by pushing in email messages with COVID-19 related
information that come along with a malicious attachment or infectious URL. Knowing some of these
threats could be the best defense in thwarting such attempts:
• Reliance on Trusted Sources: Rely on authentic or official websites to get reliable information and
updates about the coronavirus. Be scrupulous in clicking on the links provided on articles and
blogs that share information on COVID-19.
• Refrain from The Temptation To Click/Download: Sometimes, ignoring unsolicited emails is the
best phishing prevention method. Downloading or opening malicious attachments or clicking on
an infectious URL allows malicious actors to gain access to network systems.
• Knowing the Phishing Techniques: The latest tactic deployed by malicious actors is to set up live
tracker websites from which people can purportedly get live coronavirus updates. Though the
websites appear legitimate, they are scamming attempts that end up with the user compromising
their confidential information.
• Phishing Protection Solutions: The best way to deal with phishing threats is to install a trusted
anti-phishing solution to thwart any attempt made by adversaries.
Cyber Defense eMagazine –July 2020 Edition 115
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.