Don’t be fooled by Coronavirus click-baits

“What the government doesn’t want you to know about COVID-19” and other online scams. 

As the COVID-19 pandemic is reshaping business and daily life, there is no shortage of people who see this crisis as an opportunity to capitalize on those seeking some answers or comfort online. Cybercriminals are dusting off old tricks and adding the Coronavirus tag to increase their chances of a click, download, or purchase. Who doesn’t want to know the one-and-only trick to prevent the virus? Or the miraculous drink that will cure everyone? Or the deep secrets your government is hiding?
Here is a summary of the scams we’ve seen to help you avoid them:
Fake Charity Scams

You may be asked to “donate to this company no one heard of, to help get a vaccine against COVID-19 in a month,” and other money-grabbing requests. Many of these are floating the web these days, jumping on the C-virus wagon.

This type of scam is doing two things: taking your money and running with it, or taking your personal and credit card information to make future fraudulent purchases. It pays off to research a company before making a donation.

These days – especially these days – it is important we don’t forget about those charities that are doing great work around the world and to continue donating. But do it only through the platforms and companies you are familiar with. Consider your local food bank, for example.

Cybercriminals will continue to rely on recent world events to convince consumers to donate money. The form of the scam will evolve, but don’t forget it is still a scam. 

Fake News and Misinformation

There has been an increase in false news stories since the Coronavirus outbreak, as we are all itching to read the latest advice, information, and statistics. Amid the latest news, Whatsapp messages, or group emails, it is not hard to find fake school closure notices, inaccurate medical advice, and legitimate concerns drowned out by bots belittling and intimidating discussions of threatening issues.

The attention-grabbing headlines that may be promising you new information or advice are in fact, trying to get some malware into your machine or even trigger a social reaction.

You may have read the news about Ukrainian citizens throwing rocks at a bus with Coronavirus evacuees from China. This social reaction happened after Ukrainians claimed to receive information – later known as fake – stating that the bus was bringing infected people to their country.

At this time of high emotion, online users may not pay as much attention to the source of a fact or the trustworthiness of a website. To avoid this, simply stick to your trusted news outlets for your information. 


Fake Merchants

During crises, stocks of some goods such as masks, and hand sanitizers are running low, partially due to fear-triggered mass-purchases. Buyers tend to search other online outlets that appear to have the product in stock to buy from them.

This is where bad actors come in. As users, we are seeing fake merchant sites appear, claiming to have the inventory of sought-after goods. You may see ads saying their face masks have 100% effectiveness against COVID-19, but this is only a trick. The truth is that these pages are baits to collect your payment information.

Many companies are implementing behavioural tools to verify online users so that even if their personal information has been stolen during a scam, this is not enough to impersonate them.

Fake Tracker Apps

As the Coronavirus situation intensifies and we seek out news to stay informed, a wave of unsafe sources has begun to appear.

Several Coronavirus tracker dashboard apps with malicious software are roaming the net, to steal browser history, social media, or bank account information. In some cases, these unsafe trackers can even gain remote access to the infected device. This means that they can control your phone remotely, without you even realizing it.

Again, stay vigilant when you choose the apps you download. Refer to trusted sources: the CDC site, your national newspaper, or your government site, for instance.

NuData is helping detect some of this malicious activity within a device among its clients, by identifying unexpected behaviour from a particular user.

Consumer Assistance Scams

In a consumer assistance scam, the bad actor makes an offer via email or online ads, offering you financial relief due to recent events – how thoughtful, isn’t? Often, these offers are attempts to sign consumers up for expensive or predatory loans or to steal their identity information.

Again, be suspicious of those companies reaching out to you during these times to offer something suspiciously helpful.


Bots are helping some online buyers clean out the stock of certain goods. This is not a scam but a consumer action that is creating problems in some places, and we wanted to include it in this summary.

Here, people buy first necessity items in large batches and resell them at a higher price at consumer marketplaces like eBay. There are no restrictions on product quantity at most online merchants, allowing these buyers to legitimately purchase a whole pallet of hand sanitizer.

Because of the large number of purchases, people behind these morally-dubious actions can sometimes use an automated script to make the purchases in very little time. Merchants with bot-detection tools, such as NuDetect’s solution, can find and mitigate this abusive behavior.

In short: Think twice before clicking

You have enough to worry about. Our advice is to think twice before you click on what could be a bait-like headline, ad, or email promising products or information that your regular trusted sources don’t have. At the same time, we are working with our clients to prevent unusual and suspicious behaviour that arises within their traffic during these times to mitigate emerging attacks.

Lastly, refer to your trusted sources for information, research new companies before making a purchase or a donation, and look for the source of the facts you read. Stay safe!

The post Don’t be fooled by Coronavirus click-baits appeared first on NuData Security.

*** This is a Security Bloggers Network syndicated blog from NuData Security authored by Yash Chaurasia. Read the original post at: