The COVID-19 pandemic has provided some major opportunities for hackers and scammers who want to steal your data. These cybercriminals have created fake COVID sites that appear legitimate but are designed to steal a target’s personal information.Government agencies and security experts are sounding the alarm about these scams, which are likely to remain common so long as the pandemic is ongoing.Here's how these scams work, and how anyone can identify them while browsing the web.
How COVID Scammers Use Fake Sites to Steal Your Data
As a variety of new government sites went live over the past few months to offer services like free COVID-19 testing kits and testing site information, scammers began registering sites of their own.
These websites may look legitimate and often reference real programs the government has put into place to help people access COVID-19 relief, like free testing kits.
However, the sites are instead designed to gather large amounts of personal information from individuals. This information can then be used in pandemic phishing attacks and other scams, like fake test result schemes intended to steal financial data from targets.
According to Fortune, there have been as many as 600 suspicious domain site registrations since the beginning of 2022.
Area 1 Security, Inc. identified 60 unique domain names that closely resemble the domains used by official government sites but actually steal personal details from individuals.
These scams aren’t likely to go away any time soon, meaning everyone should learn how to identify COVID-19-related scams and schemes.
How to Avoid New COVID-19 Scams
Fortunately, you can avoid most of these scams if you know what to look for. Basic cybersecurity knowledge and training can help most people identify scams at a glance, or know how to research a site and determine whether it is legitimate.
Cybersecurity training and credentials are increasingly necessary, especially for employees at businesses that work directly with the government and may need qualifications like Cybersecurity Maturity Model Certification (CMMC) or similar credentials.
If you don’t have formal training, however, these tips should help you differentiate between scam sites and legitimate government websites.
Government programs are often highly publicized. The domain name for a specific initiative—like the free COVID-19 tests provided through the USPS—can be found in many places, including reputable news sites, official government websites, and local government sites.
For example, there is one URL that provides information on COVID-19 test kits: covidtests.gov. This URL is easy to verify, because of how important and well-publicized the program is. It also uses the official “.gov” top-level domain. Scammers typically can’t spoof this domain, meaning .gov sites are almost always legitimate.
Googling “free COVID tests” and your news source of choice will also show you news articles that will likely include the link to the official USPS COVID test website.
Googling the URL of a site can also help you tell if the site is legitimate or not. The Google results page for the site’s URL should return a number of news sites and government sites linking back to the legitimate source with information about the specific program or initiative being offered.
However, you may not always be able to find good information about a particular site. The site may also be impersonating a private business, rather than a government agency, meaning you can’t rely on the .gov domain to determine its legitimacy.
In this case, you can use Google to investigate the business. Searching the business’s name can tell you more about the company and help you find reviews about it. Businesses without much available information or with bad reviews may actually be scammers in disguise. In some cases, online reviewers may explicitly complain about being scammed.
Otherwise, use basic security practices, i.e. checking for basic grammar and punctuation, and clear HD images and logos that aren't pixillated.
How You Can Avoid COVID-19 Scam Sites
So long as the government offers COVID-19 schemes, scammers will likely continue launching scam sites that attempt to impersonate these programs. If you fall victim to one of these scams, cybercriminals may use your information for future fraud.
It’s possible to avoid coronavirus scams by double-checking the legitimacy of scam sites and knowing how to vet websites. Even a simple Google search can go a long way in telling you if a site is legitimate or not.