Data Doctors: Tips for sniffing out COVID-19 scams

Q: Any tips on what to watch for from COVID cyber-scammers?

A. Cyberscams proliferate any time there are big events, so a pandemic is a huge opportunity to compromise victims trying to keep up with the constantly changing landscape.

They can be in email messages with malicious links or attachments, booby-trapped websites, text messages, social media posts or direct messages from someone who appears to be a friend.

When something this overwhelming occurs, it sets the stage for the scammers to take advantage of the highly emotional state everyone is in, also known as “amygdala hijacking.”

If what you’re reading gets you to let your guard down, you’ll likely fall right into the scammers’ trap.

The hover trick

Since a large percentage of scams include a link to the internet, it’s important not to click on any until you’ve done a few checks.

The links can lead to websites appearing to be legitimate resources, but in the background, they’re sniffing around your computer seeing if you are missing any updates that can be exploited.

The first thing you can do is hover your mouse pointer over the link and look in the bottom left corner of the program to see the actual destination.

Look for any obvious signs the destination has no association to what appears to be the sender. For instance, if it said it’s from a bank, but the destination does not have anything to do with the bank, it’s a red flag.

Scan the link

Instead of clicking the link, you can have it scanned just like files get checked for virus code using the VirusTotal URL scanner.

You simply copy the link and paste it into the scanner to have dozens of malware detection engines review the contents of the link to see if any are harmful.

When you click on the “Details” tab, it will provide the actual URL if a link shortening service was used to create the link. Link shortening is used to hide the actual destination by some scammers.

Search using the contents

Another quick way to learn more about the information being presented, is to copy the headline, subject line or the first paragraph and paste it into Google as a search.

Often times, you’ll find sites that are warning you about a specific scam, or if the information is legitimate, you’ll see a number of trusted resources also posting about it.

Compromised friends

Another attack vector is from a compromised social media account used to post malicious content or send rigged direct messages to that person’s network.

Anytime you suddenly see a post or a direct message from a friend that seems out of character, it’s something to consider before engaging with the information.

‘When’ as a tip-off

Another thing to watch is the actual time the message or post was created. Lots of scammers targeting people in the U.S. do so from a foreign country in another time zone.

Posts and messages in the middle of the night, or very early in the morning aren’t necessarily all scams, but it’s another consideration if some of the other signs also exist.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up