Over the last few weeks, people have begun to receive text messages claiming that they have come into contact with someone who has tested positive for coronavirus. It’s an official-looking message that claims to come from the CDC, but includes a sketchy URL designed to pull in worried victims and steal their personal information.
This kind of phishing scam is extremely common, but the social distancing initiatives due to the pandemic have given scammers a reason to crank up their efforts. The FBI expects an uptick in just about every type of scheme you can imagine. According to the agency, risks are higher right now because so many people—adults and students—are working from home, a setup that places them outside any digital protections they enjoy when working in a school or an office.
While some tech companies and government agencies are taking action to try to fight the scams, you’ll almost certainly still encounter some out in the wild—even in places you may not expect it.
Below is an overview of some of the most common scams making the rounds at the moment.
Fake text messages
Right now, some of the world’s biggest tech companies and government agencies are developing contact tracing apps to alert people if they’ve come into contact with someone who has coronavirus, which lends credibility to this kind of fake text message scam. However, unless you have actively downloaded a contact tracing app—most of which aren’t even operational yet—you shouldn’t expect the CDC or any other government agency to send you this kind of message.
Clicking the link in the message will typically prompt you to enter personal information ranging from your name and address all the way up to your social security number (which is extremely bad news).
Experts also recommend that you don’t reply to scam messages like this because that can confirm that your number is in-service and ready to receive more phony messages.
Money Mule
The prospect of picking up extra income while working from home is more appealing than ever at the moment, but this kind of offer can unfortunately be a cover for criminals looking to move or store dirty money. Get far enough into one of these work-from-home scams and you’ll need to provide banking information so that you can get paid. The scammers pay you a sum of money, then ask you to transfer some of the funds back using a wire transfer or even just a basic check.
It’s a variation of the Nigerian prince scheme that has been around for generations.
Email attacks
Google typically sees somewhere around 240 million spam messages every day. But, last week, the company announced that more than 18 million scheme emails specifically related to COVID-19 went out every single day. The messages were mostly typical phishing schemes—trying to get users to click a link and provide personal information—just updated with new coronavirus-related text.
Some of the messages claim to come from employers, which is particularly effective in a time when so many workers are spread out in remote locations. The messages can also mimic those from health professionals, government agencies, or school districts.
Fake COVID websites
The big tech and social media companies have been taking serious action to try to fight coronavirus misinformation online, but fake websites selling fraudulent treatments or even just hawking bad information still pop up with regularity. In late March, the Department of Justice shut down a website offering a fraudulent coronavirus vaccine.
Facebook recently updated its policy on coronavirus misinformation soon after a report by information watchdog group, AVAAZ claimed that misinformation was spreading rapidly across the service. Now, Facebook will send an alert to users who have interacted with misinformation on the platform to provide links to the CDC website.
Data scraping
Distractions are welcome during social distancing, and users have been turning to social media quizzes and questionnaires to pass the time. It’s fun to reminisce about your first car or find out what your rap name is by mashing up your favorite food and the name of the street you live on. Unfortunately, that information lines up nicely with common questions used when trying to recover a lost account password.
The risk is lower with something like this than it is with a direct phishing attack, but spraying personal information out into the internet like a garden hose isn’t a good practice. If you want to participate in this kind of quiz or questionnaire, consider screenshotting or creating something similar in text form it and sharing it directly with a specific group of friends via a secure app.
In addition to these types of scams, it’s worth taking extra caution in just about every aspect of your digital dealings during this complicated time. Privacy and security issues can pop up at any point, even during your fun Zoom happy hour.