Industry News

Beware COVID-19 Charity Fraudsters, Warns the FBI

Scammers have no qualms about exploiting the pandemic to steal from the unwary

Don’t just look out for yourself, warn vulnerable friends and family of scams too

From the as-if-you-didn’t-have-enough-to-worry-about-in-2020 department, the FBI has warned that scammers are attempting to defraud the public by exploiting the COVID-19 pandemic.

Scams can, of course, arrive via all manner of routes – face-to-face on the doorstep, via phone calls or text message, but it’s even easier for fraudsters to target a larger pool of victims by making their initial contact via email or social media.

And with so many people more reliant than ever on the internet for staying in touch with friends, family, and work colleagues, there’s danger that more people than ever before are being exposed to the risk of being scammed.

And what better lure might there be than by exploiting an individual’s anxiety about the Coronavirus? Or plucking on heartstrings through an emotional appeal to help others who might have had their lives turned upside down by the pandemic?

As early as April 2020, the UK’s National Computer Security Center (NCSC) revealed that in just a one month period they had taken down more than 2,000 online scams related to the Coronavirus pandemic.

That statistic included hundreds of fake online shops selling masks, hand sanitiser, and other fraudulent items. In addition, 555 malicious Coronavirus-related webpages had been found designed to distribute malware, and 200 phishing pages attempting to steal passwords, payment card details, and other personal information.

And, most common of all, over 800 online scams related to advance-fee fraud scams which claimed to offer large windfalls if a setup payment was made.

Here’s an example of one Covid-19 charity scam, first spotted by Bitdefender’s Liviu Arsene earlier this year:

Part of the email reads:

Help rush life-saving medical care to families an children in China, neighboring countries and beyond. Your girt will ensure that these vulnerable individuals receive coronavirus vaccines to the medical services they desperately need.

The email goes on to ask for a Bitcoin payment to be made to “contribute towards this noble cause.”

There’s a simple way to help you and your loved ones spot the tell-tale signs that something may be a scam: apply the simple SCAM test:

S – seems to be too good to be true.

C – contacted out of the blue.

A – asked for personal details.

M – money is requested.

To be honest, I’m not too worried about you falling for one of the Coronavirus-related charity scams. You’re reading the Hot for Security blog, so you’re already demonstrating much more security savviness than the typical internet user.

But you may have vulnerable friends and family who could be tricked by a convincing scammer to donate money, or hand over personal information, in the belief that they were doing good or going to benefit personally.

For their sake, get clued up about the scam techniques used by fraudsters and help educate them to spot threats for themselves.

Because sick-minded scammers themselves have no qualms about taking advantage of the most vulnerable, and exploiting the biggest global health crisis of our lifetime.

For more tips on how to protect yourself against scams and charity fraud, check out the tips from the FBI.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.