The U.S. Secret Service is warning that cybercriminals are trying to steal from people using several scams tied to the coronavirus pandemic.
“As more and more people have tested positive for coronavirus, we’ve seen an increase in the number of scams that are occurring,” says Special Agent Chris McMahon, who spoke to AARP in an interview on Monday.
McMahon, who is with the agency’s Global Investigative Operations Center, says overseas partners including Interpol and Europol alerted law enforcement here to these schemes, which, like the virus itself, have seeped into the U.S. The Washington-based center combats cyber-enabled financial crime.
There are different coronavirus swindles, he warns, adding that there are fundamental ways consumers can protect themselves from losing cash or divulging sensitive personal data.
“You always want to be vigilant,” McMahon says.
As more and more people telework, they’re relying increasingly on email, so additional scams are forecast, the Secret Service says, urging extra caution.
The Secret Service gave AARP a PowerPoint presentation covering a variety of schemes that pose a threat. In the presentation was an email with the words “Wuhan Viral Advisory,” which offered “promising treatments.” Currently, there is no vaccine or cure for the coronavirus.
Another con was delivered via to an email that contains “-gov” at the end of the address. That’s easily confused with the “.gov” from a bona fide government agency. The email says “Preventive measures against corona virus” in the subject line. The body of the message touts “safety measures” to prevent the virus’s spread and urges recipients to download a document. But if you follow instructions and download it, you’ll see a Microsoft logo and be directed to “Enter password.”
“This is derived and driven from people’s fear — people are fearful of coronavirus. People are looking for information to protect themselves,” says McMahon, who probes large-scale transnational crime groups.
The goal? McMahon says “credential harvesting” may be happening. That’s when a bad actor gets your log-on and password and uses it for financial gain or to obtain access to the people and emails in your contact list.
Or, he suggests, it could be a way for the crook to infect your computer with malware (malicious software). Malware can allow a scammer to access your computer, where you may have sensitive information — such as access to online banking — stored.
Yet another trick is to secretly install a “key logger,” enabling the cyber-thief to see the keys you’re typing. Say you enter a password and only asterisks appear on your screen. According to McMahon, the key logger lets the fraudster see the actual letters you’ve typed.
That criminals try to capitalize on a global pandemic does not surprise the agent, who assails them as “opportunists.”
Other kinds of coronavirus scams involve con artists:
In the last example, McMahon notes that a huckster was claiming to have 10,000 face masks — ready for shipping — for $5,000. “We can prepare the shipment today against tomorrow morning as soon as payment is done,” the message continued. Take note of the awkward phrasing — “against tomorrow” — which should raise a red flag about the email’s legitimacy.
As the agent urges, it’s time for people to be “cognizant of their cyber-posture.”
Here’s more Secret Service guidance on staying safe.