Coronavirus fears fuel scam frenzy: How to keep yourself safe


Are you worried about the coronavirus pandemic? Good! Because scammers, criminals and nation-state hackers are counting on you to be scared enough to click on one of their many, many online phishing, malware and spying scams. 

We first saw coronavirus-related scams pop up back in late January. IBM researchers found malicious email attachments pretending to be coronavirus advice that carried the Emotet Trojan, which steals money and information and spews spam. 

At the same time, Kaspersky researchers noticed online links to coronavirus information that led to malware-corrupted video files, PDFs and Word documents.

In mid-February, Proofpoint researchers saw several phishing emails offering more coronavirus advice from the World Health Organization (WHO) and other authorities. One of them even offered a "cure" for coronavirus. 

But none of them would give you the juicy details until you provided a username and password to a third-party service such as Microsoft Office or Adobe Creative Cloud.

Now that it's mid-March, the floodgates have opened. Russian, Chinese and North Korean state-sponsored hackers are reportedly using coronavirus lures to steal information and spread propaganda, and another group has cloned the widely admired Johns Hopkins coronavirus-tracking map to spread malware. 

Fortunately, it's fairly easy to avoid being taken in or infected by these various scams and tricks. Here's how:

-- Install and run some of the best antivirus software, not just on Windows but on Mac and Android too. The malware you'll encounter with these scams is already well known and will be detected and stopped by AV software.

-- Don't open file attachments in emails, even those from authority figures, that promise important information about the coronavirus. 

If the authorities really want to tell you something urgent, it'll be in the body of the email and you won't have to open an extra file to see it. If you want to learn the latest, go straight to the official websites of the Centers for Disease Control and Prevention (CDC) and the World Health Organization.

-- Don't click on random links in emails or on Instagram, Facebook, Twitter or other social media that promise exclusive or important new coronavirus information.

-- Enable two-factor authentication (2FA) on every online account that allows it. With 2FA enabled, a crook can't hijack your account even if you're tricked into giving up the password. 

-- Make strong, unique passwords for all of your most important online accounts, such as those for email, social media, banking and shopping. Store those passwords using one of the best password managers.

-- Disable macros in Microsoft Word if you use it.

-- Create limited user accounts in Windows and macOS and use those for your day-to-day activities. Use administrator-level accounts only for installing, modifying or removing software.

-- Beware of charity scammers trying to raise money for coronavirus relief.

Last but not least, realize that there will be no cure for the coronavirus for at least several months. 

All the coronavirus-themed online scams and warnings (so far)

Below is a constantly updated list, in reverse chronological order, of all the coronavirus scams we've heard of so far. 

March 25: A scam spreading via WhatsApp and text messages says Netflix is giving out free accounts during the coronavirus crisis. But when you click on the link, it asks you to send the link to 10 friends before you can claim your free account. 

March 24: An Android app pretends to be a "Coronavirus Finder" that tells you who nearby is infected with the virus, but the app is actually the Ginp banking Trojan, Kaspersky said.

March 23: A phony "Corona Antivirus" distributed by spam emails promises to protect you from the real coronavirus as well, Malwarebytes reported. We don't know how that's supposed to work, but if you install it, it drafts your PC into a botnet and steals your passwords and cryptocurrency.

March 22: The U.S. Justice Department forces the takedown of a website selling a coronavirus "cure."

March 20: A fake Starbucks promotion spreading via text message and social media promises a $100 gift card as a reward for social distancing, but don't believe it: It's a scam.

March 20: The Folding@home project has many worthy programs in which ordinary people donate CPU cycles to coronavirus research, but avoid emailed or social-media invitations to install the software. It's really malware that will steal your passwords.

March 20: A strange scam promises to get you a "Coronavirus safety mask" if you just install an Android app. But it just sends text messages to everyone in your address book inviting them to download the app too.

March 19: An extortion scam spotted by Sophos threatens to "infect every member of your family with the coronavirus" unless you pay $4,000 in Bitcoin.

March 18: In an unexpected bit of good news, two of the most successful ransomware gangs told Bleeping Computer they would refrain from attacking medical facilities during the coronavirus crisis.

March 18: Thousands of coronavirus-related scam and malware-distribution websites are being created every day, according to several different surveys compiled by ZDNet.

March 17: Bitdefender reported that several dodgy websites were offering to sell hand sanitizer, medical face masks, surgical gloves and digital thermometers, some in exchange for bitcoin. There was no guarantee the buyer would receive anything.

March 16: U.S. Attorney General William P. Barr orders federal prosecutors to prioritize prosecution of coronavirus scammers and malware distributors.

March 16: A hacker group believed to be backed by the government of Pakistan was seen spreading remote-access Trojans via coronavirus-themed emails in India, Malwarebytes reported.

March 16: A cyberattack tried to disrupt server operations at the U.S. Department of Health and Human Services, Bloomberg News reported.

March 16: Britain's National Cyber Security Center, a division of the GCHQ signals-intelligence agency, warned UK residents about coronavirus-related malware, phishing and other attacks.

March 13: Another clone of the Johns Hopkins coronavirus map is tricking people into downloading and installing an Android app that's really ransomware, DomainTools reported.

March 13: A large Czech hospital responsible for carrying out coronavirus tests, University Hospital Brno, said it had been hit by an unspecified cyberattack.

March 12: Reason Cybersecurity reports corrupted clones of the Johns Hopkins coronavirus-tracking map are spreading the AZORult information-stealing Trojan. Independent security reporter Brian Krebs says the corrupted Johns Hopkins map is being sold in cybercrime catalogs as part of a coronavirus-themed malware package.

March 12: Check Point spots Chinese state-sponsored hackers sending fake coronavirus-notification emails from the Mongolian Ministry of Foreign Affairs that carry Microsoft Word attachments booby-trapped with malware. 

March 12: A new form of ransomware calls itself Coronavirus and changes the name of infected hard drives to "CoronaVirus", Bleeping Computer reports. The ransomware doesn't actually spread by luring people with coronavirus information, at least not yet -- it just uses the name to sound scary.

March 7: Bleeping Computer reports that a new malspam campaign sends out emails purporting to come from the WHO, but the attached ZIP file downloads the FormBook information-stealing Trojan.

March 6: The Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security, issues a warning about coronavirus-themed online scams.

March 4: Sophos reports that emails in Italian pretending to be coronavirus tips from the World Health Organization come with a weaponized Word document that installs the Trickbot Trojan.

March 4: Cofense reports on a phony CDC email warning that coronavirus has gone airborne. The link to view the information is a phishing scam.

Feb. 29: The WHO posts an advisory on its website to "Beware of criminals pretending to be WHO".

Feb. 28: Fortinet spots a fake email from FedEx advising customers of coronavirus contingency plans for shipping, but which loads the Lokibot information-stealing Trojan when the attached PDF is opened.

Feb. 27: A South Korean "government statement" email about coronavirus contains a Word document carrying the North Korean BabyShark malware.

Feb. 20: Fake emails from Ukraine's health ministry about coronavirus infections in evacuees from East Asia lead to attacks on buses and medical facilities, BuzzFeed News reports. Some of the fake emails may contain a backdoor Trojan.

Feb. 13: Proofpoint reports phishing emails that want your username and password in order to show you vital coronavirus tips, and even a "cure."

Feb. 13: ESET researchers notice fake Brazilian websites promising coronavirus news, but which really download a banking Trojan onto visitors' machines.

Feb. 10: The Federal Trade Commission warns Americans about online scams pretending to offer coronavirus advice.

Feb. 7: Kaspersky spots phishing emails that pretend to be coronavirus information from the CDC, but which ask you for your Microsoft Outlook username and password when you click on the link.

Feb. 5: A fake English-language email from the WHO asks you to click a link, which in turn asks you for your email address and email password, Sophos reports.

Feb. 4: The U.S. Securities and Exchange Commission warns investors to beware of coronavirus-related scams.

Jan. 31: KnowBe4 reports a phishing email purporting to be a coronavirus advisory from the CDC.

Jan. 30: Kaspersky reports malicious links to online files promising coronavirus information, and IBM reports email attachments carrying the Emotet Trojan that pretend to come from Japanese health authorities.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.