Scams to watch out for during COVID-19

We are living in dynamic and, for many, difficult times. So much of the way we communicate, work, go to school, shop, get groceries, medicine, and supplies is now happening almost entirely over the internet.

That’s why, six months after the COVID-19 pandemic first sent the country into lockdown, it is more important than ever to stay safe online. Our increasingly digital lives, coupled with today’s uncertainty, mean the pandemic-fueled surge in online hacking will likely continue. This is true both for our personal accounts, as well as on the national level, especially given the upcoming presidential election.

We break down the most important trends to understand today in digital security.

#1 Social Media Hacking

One of the biggest threats of this year has targeted high-profile individuals on social media. The list of people who have been hacked is endless, from Joe Biden, Barack Obama, Bill Gates, and Jeff Bezos, to Elon Musk and even corporations like Apple.

Hackers took over these “celebrity” accounts and used them to post bitcoin scam links.

These hackers collected over $100,000 by conning regular citizens into sending money. The FBI was able to trace the information to identify 17-year-old Graham Ivan Clark. Clark and his accomplices used social engineering to trick a Twitter employee into giving them credentials, which later allowed them to access and abuse sensitive information on Twitter servers. This hack has been called the “Greatest Twitter Hack of all time” and created buzz in the cybersecurity realm. The extent to which this attack could have affected foreign policy and international markets is unthinkable. Clark has been charged with 30 felony counts.

This hack highlights that social media is not always as secure as we assume it to be. By scraping the internet, researchers have found that at least 235 million social profiles have been exposed online, including information like names, birthdays, engagement history (such as likes and comments), location history, and social group identifiers, according to Comparitech.

That is why we always recommend ensuring your social media profile is private. It’s also important to create a strong password that you rotate out every six months. Consider investing in a password manager like 1Password (currently $4.99/month for a family of five), and at the least, be sure to write your passwords down somewhere secure. 

Making your social media accounts private stops hackers from using your name in spam marketing and phishing campaigns. It also ensures you are less susceptible to future attacks, as your personal information won’t be roaming the dark web. 

#2 Election Hacking

Many hackers are politically motivated. But in 2020, when the U.S. has already seen a 38% increase in internet usage, and a critical presidential election is fast approaching, we must be especially vigilant about this activity.

Some of the largest groups attacking U.S. political campaigns and organizations include Strontium from Russia, Zirconium from China, and Phosphorus from Iran. 

Strontium, a group from Russia, was identified by the Mueller report as a primary source of attacks in the 2016 election. The group continues today to launch campaigns to steal citizens’ credentials to use for intelligence and spam marketing to disrupt operations. Strontium has affected over 200 political groups representing all parties, and has recently started attacking businesses in entertainment, hospitality, financial services, and manufacturing. The group has heavily relied on “spear phishing”, a way to capture credentials through spam marketing campaigns. They’ve also used brute force tactics, and continue to re-invent the way they attack online.

As citizens and voters in a democracy, we need to understand these threats from abroad that seek to undermine our political system. Their efforts can indirectly, or even directly, affect our voting system.

#3 E-Commerce Hacking (Google & Amazon)

E-commerce has been another big target this year for “phishing” attacks. Brand phishing involves a scammer that imitates the official website of a well-known company or bank by having a similar URL and style to the original site. The link to that fraudulent site might be sent via email or SMS message or via a shady link while a user is browsing the web. These scam sites posing as the ‘real thing’ will typically contain a form meant to steal someone’s personal information or credentials. They can also be used to solicit payments.

Most of these attacks are done via the web (61% web, 24% email, and 15% mobile). They typically happen when people on the internet run into fake websites, primarily through mistyping and fake search engines.

To stay safe, we recommend that you constantly verify the website URL, particularly if you are giving any personal or banking information. It’s also important to be wary of clicking on any promotional links in an email. Also, have your guard up when you see a product that appears extremely underpriced. For example, a 50% discount on an iPhone is a common luring technique for hackers to steal information and prey on victims.  
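
One way to automate the URL check recommended above, as an added example that is not part of the original article: the script compares a link's hostname against a short allowlist and flags mistyped or imitated names. The TRUSTED list, the sample links and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): list the sites you actually shop or bank with.
TRUSTED = ("amazon.com", "google.com", "apple.com")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'unknown', 'invalid' or a 'suspicious: ...' reason."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if parts.username:
        # Text before '@' is login data, not the site: https://amazon.com@other.example
        return "suspicious: text before '@' hides the real host"
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious: punycode hostname (possible look-alike characters)"
    # Simplification: treats the last two labels as the registered domain,
    # which is wrong for suffixes such as co.uk.
    registered = ".".join(labels[-2:])
    for good in TRUSTED:
        if edit_distance(registered, good) <= 2:
            return f"suspicious: look-alike of {good}"
        if good.split(".")[0] in host:
            return f"suspicious: uses the name of {good} on another domain"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for sample in ("https://www.amazon.com/gp/cart",
                   "https://amaz0n.com/deal",
                   "https://amazon.com.account-verify.example/login",
                   "http://xn--pple-43d.com/",
                   "https://example.org/"):
        print(f"{classify(sample):60} {sample}")
```

The edit-distance threshold of 2 is a heuristic and will also flag some legitimate short domains, so treat a "suspicious" result as a prompt to look closer rather than as proof.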

You may also consider trying out a virtual card. Virtual cards are temporary, randomly-generated credit card numbers you can use to shop safely online without ever giving up your actual account information. A number of banks and financial institutions are starting to offer them today as a way to keep their customers’ actual account numbers from ever appearing online.

#4 Stalkerware

Stalkerware is software that allows a remote user to monitor the activities happening on another user’s device without that user’s consent. It can track your location, record calls or texts, steal passwords for accounts you log into with your phone, and reveal contacts, photos, and more. It can be used to spy on a user by a hacker—but also by someone you know, like a paranoid spouse or a boss.

How to protect yourself from scams

If you think you may be on a call or text with a scammer, do not engage—even to tell them you know it is a scam. Hang up, do not answer the text, don’t click the link, delete that email. 

We also suggest changing your passwords frequently, at least every 30-60 days. This will stop the risk of having your information stolen by malicious hackers. To check if your personal email account has been compromised, we recommend “Have I Been Pwned”—a free resource that assesses the risk of your online accounts. 

We also suggest the following basic protocol to protect yourself from cyber attacks:

  • Do not open emails from unknown accounts
  • Ensure multi-factor authentication (MFA) is activated on all personal accounts
  • Do not put personal information on your phone
  • Check the sender’s email domain name
  • Look at the grammar and wording of emails received – if things seem off, they probably are
  • Do not provide personal information in your emails or on calls (unless you started the phone conversation and it is with a trusted source)

Consider installing antivirus software on your mobile phone and computer like Bitdefender or Norton.

Finally, while Social Security field offices remain closed, scammers continue to prey on beneficiaries. If you think you have been the attempted victim of a specific Social Security scam (whether you collect retirement, spousal, or survivor benefits), you should immediately report it to the Social Security Administration’s Office of the Inspector General.

The pandemic is already making life challenging for Americans. To stop these hackers from taking advantage of—and adding to—today’s crisis, we must stay aware of existing and emerging scams, and take preventative steps to protect ourselves and our families.