Circuit breaker might have ended, but COVID-19 scams have not.
The reality is this, scammers are way smarter than we give them credit for. What’s their secret potion to get people under their spell you may ask? People’s fears! And what easier way than to exploit all the fears and worries people have due to the impact from COVID-19! A+ indeed!
In fact, accompanying the growth in user interest, an online research observed a 656% increase in the average daily coronavirus-related domain name registrations from February to March, bringing the total to 116,357 newly registered domain names. In this timeframe, it witnessed a 569% growth in malicious registrations (or 2,022 newly registered domain names), including malware and phishing; and a 788% growth in “high-risk” registrations (or 40,261 newly registered domain names), including scams, unauthorized coin mining, and domains that have evidence of association with malicious URLs within the domain or utilization of bulletproof hosting.
Of course, this also depends on which country you are in. Sadly, the vast majority of these scams come from the U.S, followed by Italy, Germany and Russia. Luckily within Australia, there are few more hurdles for a scammer to get through before they can register a domain name. Namely, they need to have a registered business entity through ASIC first.
However, here’s the thing. When it comes to international domains, such as .com domain names, they can be registered quickly and without hassle, meaning that they are largely dependent on third-party security vendors to detect & take them down, which can take between a few hours or a few days, giving more than enough time for a scammer to put a malicious domain name to good use.
Furthermore, keep in mind that while malicious domains are primarily used to launch fake websites, they can be used for other purposes, such as phishing emails. For example, a scammer could use a domain such as “covidcure2020.com.au” to launch a fake vaccine website, or they could use it to send you a scam email addressed from “email@example.com”.
Here are some tips for you to stay safe online!
1. Treat any COVID-19 related domain name, email, or website very cautiously during this time
2. Always check for HTTPS in the URL
While https:// isn’t the guaranteed badge of safety that it’s often portrayed to be, it’s still necessary and much safer than its counterpart (http). Wherein visiting a website that starts with https:// guarantees that you are at least visiting a site with a verified security certificate, http sites are far more open, and allow your data to essentially be eavesdropped on in transit.
To check for HTTPS://, look for the padlock and https:// in your browser address bar.
3. Make sure the URL matches the website you expect to be visiting.
Often times, fake domain registrations will try to match existing websites and just change a few characters around. If you click on a link or popup expecting to be taken to Bunnings or BIG W for example, make sure that the link you land on actually matches their official website exactly.
4. When you receive an email, check the address!
Because modern email systems allow for senders to show a display name instead of an email address, it’s a lot easier for scammers to pose as others. Whenever an email contains a link for you to click, or is asking for payment/data, be sure to expand the display name and check the actual email address of the sender!
Alternatively, you can google for that particular website or access it from the company’s official website.
And just for your information, here are some of the most current COVID-19 scam types currently floating around:
Fake products: The most frequent coronavirus scams involved fake products and services. The fake products included a Coronavirus Frequency Defense, which claimed to use sound and noise to ward off the virus, and a COVID-19 sterilizer that uses UV light to clean your home or office. There were also a variety of disinfection services that claimed to be licensed to perform such work, but clearly had created a website in haste.
Fake vaccines/med treatment: Emails and sites may offer access to COVID-19 testing or vaccinations. Never seek these services outside of official vendors.
Impersonating health organizations: The next major category is sites that pretend to be health organizations, with the World Health Organization being the most popular target. In some cases, these sites are really phishing campaigns trying to obtain personal information, and in other cases they are secretly installing malware. In addition, while some copy legitimate health information, others include advice or news about the spread of the virus that is misleading or wrong.
Financial fraud: With governments around the world implementing delays in paying taxes, or offering rebates or subsidies to individuals and businesses, scammers are using these programs to get people to turn over their personal and financial information. Examples include a phony tax site set up in Lithuania and fake revenue agencies appearing online in the U.S., the U.K., and Canada. In addition, there is a growing number of charity scams that try to induce people to give to a cause such as research or crowdfunding health care for someone who has been diagnosed.
Superannuation scams: Scams that offer fake early-access to your superannuation and request private data or bank details to proceed.
Phishing/SMS scams: These have been absolutely rampant since the pandemic broke out.
Price gouging on sanitation products: This extends outside of the realm of cyber also, with people hoarding key supplies (such as toilet paper) and upselling it at ludicrous amounts.
For more information on staying cyber safe during COVID-19, click the green button to contact us today!
eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.