Editor’s note: Wired for Safety is a column on cybersecurity and other tech issues. Duane Dunston is an assistant professor of cybersecurity and networking at Champlain College.
Malicious actors are already using fears and anxiety with the coronavirus to infect computer systems. In one case, the adversaries are allegedly selling an interactive map that was created by John Hopkins that comes loaded with a malicious payload. Meaning, they are selling a coronavirus malicious code kit using a copy of the John Hopkins coronavirus interactive map. Just to be clear, the John Hopkins interactive map is not infected, rather a copy of it has been used by malicious actors to embed malicious code. The malicious copy of the map still receives real-time data which makes it look and appear to be even more authentic.
Similar to the malicious interactive map, phishing campaigns are being spread to try to steal user information.
Also, fake sites seeking donations are popping up as well.
It is recommended that everyone use official sources for monitoring any information regarding the coronavirus such as the CDC website directly (https://www.cdc.gov) or the John Hopkins site (https://systems.jhu.edu/research/public-health/ncov/)
If you receive an email on late breaking news or press releases by local, state or federal officials, visit a website directly like (https://vtdigger.org, https://www.vpr.org) by typing it directly into your web browser.
Also, be on the lookout for email messages that asks you to confirm that you are “safe” or “not sick.” Those may prompt you to enter your email or organization’s username and password.
It is no doubt that cybercriminals are going to use the coronavirus as a method of trying to infect computers, steal credentials, or steal money now and in the coming months. Please use caution and use reputable sites for the latest information by visiting the site directly by typing it into your web browser.
Recommendations:
• Donate to well-established organizations. Visit their websites directly (by manually typing it in) and not clicking a link in an email. Visiting the website manually can provide higher assurance you are visiting the legitimate website.
• Use the service provided by charitynavigator.org to determine if an organization is legitimate.
• Be careful of email messages that claim to have photos, videos or recent updates regarding any major events and require you to click on the link.
• Don’t read or forward email messages regarding the event, especially ones that have a web link AND don’t follow the web link.
• Be cautious of “new” charities formed after an event.
• Don’t give cash or write checks to an individual.
• Be careful of charities that ask for money and require you to donate using your credit card via their website.
Also, be cautious of people on the street collecting “donations” to the victims and survivors of the tragedy. They may use all sorts of psychological tricks, including having photos or other visual reminders to spark a reaction or solicit stories from you or have you “think of your own family being affected.” Well-established charities don’t use aggressive techniques.
• During a major event, check with the local Red Cross or the Red Cross website or the Salvation Army for official ways to assist those in need.
• The Better Business Bureau has a scam tracker website where you can drill down by state and see the amount lost and comments by those that lost money or didn’t lose money.
