Any tips on what to watch for from COVID cyber-scammers?
This question was answered on April 9, 2020. Much of the information contained herein may have changed since posting.
Cyber-scams proliferate any time there are big events, so a pandemic is a huge opportunity to compromise victims that are trying to keep up with the constantly changing landscape.
They can be in email messages with malicious links or attachments, booby-trapped websites, text messages, social media posts or direct messages from what appears to be a friend.
When something this overwhelming occurs, it sets the stage for the scammers to take advantage of the highly emotional state we’re all in, also known as ‘amygdala hijacking’ (https://bit.ly/2y49jtC).
If what you’re reading can get you to let your guard down, you’ll likely fall right into their trap.
The Hover Trick
Since a large percentage of the scams will include a link to the Internet, it’s important not to click any link until you’ve done a few checks.
The links can lead to websites that appear to be legitimate resources, but in the background, they’re sniffing around your computer to see if you are missing any updates that can be exploited.
The first thing you can do is hover your mouse pointer over the link and look in the bottom left corner of the program to see the actual destination.
Look for any obvious signs that the destination has no association with what appears to be the sender. For instance, if it says that it’s from a bank but the destination doesn’t have anything to do with the bank, it’s a red flag.
Scan the Link
Instead of clicking the link, you can have it scanned just like files get checked for virus code using the VirusTotal URL scanner (https://bit.ly/2V1kCMe).
You simply copy the link and paste it into the scanner to have dozens of malware detection engines review the contents of the link to see if any of them think it is harmful.
When you click on the ‘Details’ tab, it will also provide the actual URL if a link shortening service was used to create the link. Link shortening is used to hide the actual destination by some scammers.
Search Using the Contents
Another quick way to learn more about the information being presented is to copy the headline, subject line or the first paragraph and paste it into Google as a search.
Often times, you’ll find sites that are warning you about a specific scam or if the information is legitimate, you’ll see a number of trusted resources also posting about it.
Another attack vector is from a compromised social media account that is then used to post malicious content or send rigged direct messages to that person’s network.
Anytime you suddenly see a post or a direct message from a friend that seems out of character, it’s something to consider before engaging with the information.
‘When’ as a Tip-off
Another thing to watch is the actual time that the message or post was created. Lots of scammers that target people in the U.S. are doing so from a foreign country in another time zone.
Posts and messages in the middle of the night or very early morning aren’t necessarily all scams, but it’s another consideration if some of the other signs also exist.
About the author
Ken Colburn of Data Doctors on April 9, 2020