As the world comes to terms with a health crisis of dimensions never before seen in modern times, hackers are taking advantage of the situation to intensify their attacks and exploit our vulnerabilities. Figures detailing the use of the Coronavirus as a way to bait and infect victims have jumped dramatically since the global pandemic was declared. This poses a great security risk to all, as it can lead to the mass distribution of different types of malware, capable of causing economic and social disaster and even putting our health system at risk.

These days we have been receiving countless emails, text messages, voice memos, videos, memes and news of all kinds related to the pandemic on our devices. The information overload caused by the fear of the Coronavirus is the perfect scenario for cybercriminals, who take advantage of our uncertainty to attempt to deceive us with different types of online scams.

Being aware of the online threats that are circulating during these moments of crisis and following good digital practices are essential to avoid becoming a victim of these attacks.

Coronavirus phone scams

Several cases of telephone scams related to the Coronavirus pandemic have been reported. Phone scams are when a cybercriminal places a call aimed at obtaining a person's confidential data and/or online banking username and password in order to subsequently make fraudulent bank transactions or card purchases.

In some of the reported scams, scammers pretend to be supermarket employees and ask their victims for their credit card number to place home deliveries. In others, the criminal offers elderly people free home coronavirus testing in exchange for their details.

Remember: banks, government institutions and legitimate services such as supermarkets will never ask you for your password to their platforms, nor will they ask you for your credit card details. 

If you receive a suspicious call, be wary of the call and never reveal your personal details.

Malicious websites for purchasing healthcare equipment

Due to the isolation measures imposed by the state of alarm, online purchases and home deliveries have skyrocketed. This provides hackers the perfect opportunity to try to trick us by creating fraudulent websites offering products that citizens need now more than ever. 

To avoid falling victim to scams and to protect your money and data, we recommend taking certain security measures before making an online purchase.

Email attacks, Covid-19 phishing scams

The fear surrounding the pandemic and its consequences has incentivised cybercriminals to design phishing campaigns that offer false recommendations against the virus or links to purchase healthcare material. Their aim is to steal our personal data or even infect us with ransomware, a form of malware which hackers use to encrypt the content of our computers and later demand a ransom to rescue it.

To avoid becoming a victim of this type of scam, follow these steps when you receive a new email:

1. Think it over before opening emails related to the Coronavirus, especially those that try to spark your curiosity by promising a cure or announcing limited offers of the most in-demand products, such as masks. It could be a phishing scam. If in doubt, you can research the information using other sources or contact the sender via another channel to verify that the mail is in fact legitimate.

2. Consider the sender. Even if the sender appears to be someone you know, it is essential that you analyse the sender's email address in detail and not rely solely on the name shown. Any legitimate service or bank can be impersonated with the aim of misleading you.

Below is an example of a phishing scam impersonating CaixaBank, reported in March 2020, taking advantage of the confusion generated by the coronavirus. When you click on the link it contains, you open yourself up to malware and may even allow your CaixaBank passwords to be stolen:

The most important thing is to check the email address used by the sender. If you look closely, you will see that the person sending the message has nothing to do with CaixaBank. This is a clear sign that you are dealing with identity impersonation and that you should not open the link it contains.

3. Look at how they address you. It is possible that the hackers do not have their victims' personal information, as phishing campaigns are generally targeted at hundreds of thousands of people around the world. It is therefore common for them to use generic terms such as "friend", "Dear customer" or "Good morning", without using the name of each individual.

However, even if the sender knows your name, this is not proof that the message is legitimate. Hackers are perfecting their techniques, and it is increasingly common to find phishing scams aimed at specific victims, as in the cases of CEO Fraud and Invoice Fraud. Even if they address you personally, remain alert and apply the other security recommendations.

4. Do not click on links unless you are completely certain of their truthfulness. Phishing emails usually contain malicious links that act as a gateway for cybercriminals to access your computer.

As users, when we receive a message that includes a link, it is difficult to know beforehand whether it will lead us to where we want to go or whether it is actually a trap. For this reason, whenever possible, we recommended that instead of clicking on the link in the text you directly type the URL you want to access into your web browser.

Remember that, just as we follow the recommendations and guidelines of authorities to prevent the virus from spreading, we must also take measures to protect ourselves from cyber threats, which can also affect us individually and collectively. The current uncertainty may distract us from protecting our data and identity online.

Don't let hackers take advantage of the situation. To ensure your security, never lower your guard. Especially in exceptional situations such as the one brought on by the coronavirus.