Top COVID-19 Scams to Look Out For

Image for Post

October is Cybersecurity Awareness Month, an internationally recognized annual campaign to inform the public of the importance of cyber security. IST is bringing attention to the rise of COVID-19 scams ,phishing attacks, and social engineering. Your data's health matters - stay cyber-healthy and take care of your data.

Cyber criminals often feed off of fear and vulnerability. During a pandemic, these feelings run rampant. With the arrival of COVID-19, phishing attacks have increased with emails touting results, statistics, or new information on cures.

"Cyber attackers do not take holidays, in fact they take advantage of them to trick people," says Gordie Mah, Chief Information Security Officer for the U of A. "Similarly, cyber criminals are not standing down in these pandemic times but are striving to leverage from the uncertainty and fears that COVID-19 and remote work-from-home brings."

Between March 6 and August 31, 2020, Canadians reported 4,141 incidents of COVID-19 fraud and more than $5.6 million in financial losses to COVID-19 fraud according to the Canadian Anti-Fraud Centre.

"With the attack surface and windows of opportunity for cyber attackers shifting away from the organization's network and onto the home/residential environment, it is even more vital that we all practice and maintain good cyber hygiene and stay alert," Mah says. "Good cyber hygiene includes up-to-date patches, fixes, operating systems, applications, and antivirus; securing your home wifi; enabling the computer's personal firewall; encrypting the hard drive; and using endpoint security protection."

Top COVID-19 Scams to Look Out For:

Phishing scams: emails, text messages, and phone calls
Scammers distribute information under the guise of Health Canada or other reputable agencies and create a sense of urgency to elicit a response. For more information on phishing, read "You Know Phishing, But Have You Heard of Vishing & Smishing?" Take this Phishing Quiz created by Google's Jigsaw unit to see if you can recognize a phishing email.

Ransomware: fake mobile applications
When the contract-tracing app was first announced, scammers created a fake mobile application purporting to be from Health Canada. Once a user downloads the app, their data is held for ransom until a payment is exchanged.

Spoofing: fake "government" websites
Masquerading as government websites, scammers re-create well frequented websites to fool users into giving out their personal information.

How you can protect your data's health

Think twice before you click on links or attachments.
Hover your mouse over links in email to see where the URL leads you, but don't click. Don't open any email attachments you weren't expecting.

Secure your home computer.
Keep up-to-date with patches/fixes/updates (including security, operating system, and antivirus updates). Enable the computer's personal firewall and hard drive encryption. Use a strong/secure password that is unique and not shared. See more tips for How to Stay Secure.

Protect your password.
Give every device a secure password, that is at least eight to ten characters long and consists of a mix of numbers, special characters, and upper and lowercase letters. Do not use the same password for multiple accounts, and never disclose your password to anyone.

Never give up personal information.
Banks, lending institutions, insurance companies, health care services, credit card companies, and government organizations will never ask for your personal information over email. If in doubt, call the organization to verify if they sent the email.

Learn more about new forms of phishing and the intent behind social engineering as part of Cyber Security Awareness Month. For more information on cyber security, visit the University of Alberta's Chief Information Security Officer's (CISO) website or the Canadian Centre for Cyber Security for additional tips to stay cyber-healthy.

About Julie

Julie Keyser is the Communications Team Lead in Information Services and Technology (IST).