With the concern surrounding the coronavirus, scammers are been busy finding ways to trick unsuspecting victims into revealing personal or payment information.
The best way to avoid a scam is to know the red flags.
You get an email from an official agency such as the Center for Disease Control and Prevention, or the World Health Organization about the coronavirus outbreak. The subject line sounds urgent—something like “Emergency: coronavirus outbreak in your city” or similar.
Here’s an example:
(image courtesy of Sophos Security)
Remember, do not click to get an “updated list of new cases in your city” or ask you to download a file of “safety measures” to stay safe. The links take you to a legitimate-looking website designed to gather personal information—even your email address and password (which means they could reset your usernames and passwords to any accounts linked to that address). Clicking on attachments could download malware onto your computer designed to accomplish the same goal.
Other coronavirus scams promise you preventions, treatments, or cures. The Better Business Bureau (BBB) reports, “one scam email claims that the government has discovered a vaccine but is keeping it secret for ‘security reasons’” but the email promises you can buy it now. Another tries to con people into donating to vaccine creation fundraising effort.
The United Nations also warns impostor scams like this could also come over the phone, a text message, or even a fax.
Tips for spotting coronavirus-themed scams
Don’t panic. Scammers want you to “act quickly” and respond without thinking. Always double-check the information.
If you’re being emailed or called by an official agency, question it. Take a close look at the sender. Scammers are sending emails that, at first glance, look real (for example: “cdc-gov.org” instead of just cdc.gov, or “who.org” instead of who.int). The WHO is telling everyone that they will NEVER:
- Ask you to log in to view safety information
- Email you attachments you didn’t ask for
- Ask you to visit a link outside of who.int
- Ask you to donate directly to emergency response plans for funding appeals
- Conduct lotteries or offer prizes, grants, certificates, or funding through email
- Charge money to apply for a job, register for a conference, or reserve a hotelThe FTC says for updated information about the virus, you should visit the website for the Centers for Disease Control and Prevention or the World Health Organization.
- Ignore offers for vaccinations, treatments, or cures. Think about it: if there was a medical breakthrough, would you be hearing about it for the first time through an ad or a sales pitch?
- Make sure the charity campaign is legit.
- Look out for grammar and spelling errors. Mistakes happen, but they could be a sign the email is fraudulent.
- Don’t click links—navigate to the website yourself. If you hover your cursor over a link, the address will be displayed. If it looks phishy, don’t click. Better yet, if there’s any question, do a little Googling and find the website yourself.
- Don’t give information to those who shouldn’t be asking for it. There’s no reason for the WHO, the CDC, or a website selling a cure needs your email address or password. Always think twice on whether the “source” of the email or phone call really needs the information they’re asking for.Two-factor authentication can help. It’s an extra layer of protection if your password is ever stolen (or you gave it out by accident).
If you think you’ve fallen for a scam, change your passwords immediately! Also, make sure your computer’s anti-virus software is up to date. We also have a how-to guide to help if you think you’ve been a victim of a data breach.Help others by reporting a coronavirus scam you encounter to the WHO or the FTC (fts.gov/complaint)