Privacy Canada is community-supported. We may earn a commission when make a purchase through one of our links. Learn more.

COVID-19 Phishing Scams and Malware

Ludovic Rembert
Last Updated on November 23, 2020
COVID-19 Phishing Scams and Malware

Scammers, Phishers and other assorted online criminals are nothing if not adaptable, and the COVID-19 pandemic has unfortunately proven that. Whether for your data, cash, or privacy, this new wave of scams and malware has made the internet -which people have been spending vastly more time on- a more dangerous place for them all. The problem has grown so large that even the FBI recently issued an official warning about this new wave of online criminals.

The question on your minds no doubt is, what are these scams, and how do I look out for them? Hopefully, at the end of this article, you will be better informed and able to combat the wave of COVID-19 Scammers.

Money Laundering

Around the world, employment prospects are proving increasingly bleak, driving many to search for easy money online. This has flooded the digital jobs market and created the conditions for illegal operations to scoop up those unable to find other ways to make money online.

One of these is known as ‘Money Mules’, at face value, it’s a tempting offer; requiring the mule to do nothing but receive and transfer money from one account to another, for a small cut. However, this is a classic method of money laundering that is taking advantage of the vulnerable and underinformed to ‘clean’ dirty money.

Even ignoring the fact much of this money comes from drug deals, theft, and other unsavoury sources, as the official FBI guideline states, it “not only jeopardizes your financial security and compromises your personally identifiable information, but is also a crime”.

How to Avoid Being a Money Mule

It might be easy cash, but it’s not worth it for a whole host of reasons, it permanently compromises your financial security, and could even lead to criminal charges. The scam is often advertised on legitimate job forums, giving it a veneer of legality, but will ask for dealings with your bank account far in excess of what it should. If an online job asks for you to do any work with your account that isn’t about you receiving your pay-check, avoid it. Some will even ask you to set up new accounts, this is the biggest red flag, and consider reporting them if you get the chance so others don’t fall for it.

Variations on the Theme

Unfortunately, the scammers aren’t always so obvious and are adept at pulling on some heartstrings. With so many people trapped abroad by lockdown, a common variation on the mule scheme is to claim they need you to transfer money to a loved one trapped in a foreign county because they are not able to themselves. These usually use the medium of email, so a secure email service provider is an ideal shield against them

There are many, many variations on this. People needing hospital bills, medical equipment, and even charity veneers. The general rule of thumb with all of these, if your feel like your account is being used as a leapfrog for funds that aren’t your own, there’s an exceptionally good chance you are unwittingly becoming a Money Mule.

Scamming Shops

Like many things, online shop usage has exploded, and so have fraudulent ones. Many find their niche claiming to sell virus-related equipment, such as sanitiser, gloves, masks, and other PPE. With shortages, anxiety, and desperation, many ignore warning signs and pay for non-existent products.

These shops are quick to be shut down, in the UK 2,000 scam sites were closed in March alone, but they are just as quick to spring up again.

Avoiding them is difficult but checking for safe HTTPS settings and sticking to trusted websites, rather than venturing onto newer ones, is a safe bet for avoiding a scam. If you do stumble onto an unsafe HTTP site, many VPN’s such as ExpressVPN are specifically designed to keep you safe, so are worth having.

Dodgy COVID information

Most governments, states, and municipalities have done a good job providing succinct and informed advice on the pandemic, all widely available online. With such a bounty of reliable information online, you might be surprised to learn that access to unsafe COVID info-sites has grown far faster than access to the official government ones. This is a very worrying trend, not just because the health information could be unreliable, but because these are where a lion’s share of scams will spring from. Whilst numbers of people caught in them remain relatively low, the trend itself is worrying.

To avoid falling foul of phishing or another scam -as they are doubtless to grow more sophisticated as successes are replicated and failures dropped- stick to official government sites when getting your info. The information is far more likely to be reliable and the scamming risk is eliminated, for internet security, it’s a no brainer.

Malware Mercenaries

With so much more internet usage, many institutions and businesses are having to rely heavily on their online aspects. Whilst helping ease lockdown, it provides a golden opportunity for so-called ‘Booter websites’.

These are webs-markets that provide mass DDoS attacks as a service. People use these services to attack, crash, and infect websites they, for whatever reason, want to see burn. Possibly in response to increased competition, these attacks have grown more frequent, and usually involve thousands of sock-puppet websites accessing a single site in seconds, causing a traffic overload and crash.

Preventing these is difficult and requires some serious protocols in place to help recognise and then stem the tide. Fortunately, Cloud-based hosting is one of the most effective defences, and plenty of hosting services have inbuilt DDoS protections. If you’re worried about it happening to your website, especially during the highly competitive COVID-era internet, check out cloud-based hosting first and foremost. For further information on preventing other attacks, check out our guide to the best Malware scanners.

The Good News

Luckily, the chance of a Booter website attack is now a lot slimmer than it once was. A recent operation, involving the Dutch police, Interpol, and FBI, managed to take down 15 large Booter websites. While this involved an arrest, many of these were preventative operations, the police stated: “With preventive actions, we want to protect people as much as possible against DDoS attacks. By taking Booters and their domain names offline, we make it difficult for cybercriminals”

COVID-Tracking and Privacy

Governments have been scrambling to cope with the pandemic, looking for any solutions that will help stem the tide. One that many have hit upon is contact tracing, and big tech companies such as Google and Apple have been happy to hop on board.

Naturally, having your movement logged and monitored has left some uneasy about their online privacy, making this another point of contention in the realm of COVID-19 security issues. The idea is to have people install apps on their mobile devices to track who they have contacted, and where they have been, hopefully helping predict possible infections and transmissions.

This raises a whole host of issues, who will be viewing this information? Will it be secure? Will its gathering stop after COVID? Whilst ostensibly voluntary, in some cases this may not even be the case. The PANTHR AI system Canada is using to gather data on the pandemic has so far not started contact tracing, but rumours that it may be expanded to this has raised concerns. This follows the fact that so far PANTHR is technically obligatory, using de-identified patient data and medical records that don’t need patient consent.

Related: Cybersecurity AI vs. Malware AI


Far from just making it risky to go outdoors, COVID-19 is affecting our online safety as well! Like any crisis, criminals will always seek to exploit it, with the unprecedented scale of this lockdown, the corresponding crime increase is sure to match. Now that so many of us are spending more time online, we have to be extra-vigilant to the proliferation of phishing, scams, and malware out there.

However, fighting them is not only possible but not particularly difficult. Most are simply rehashing of old techniques with a COVID veneer, and others are unsophisticated but rely on simple volume to ensure their occasional success. If you follow basic online security guidelines and have privacy tools such as VPN’s, your likelihood of getting scammed is negligible.

All that said, always be vigilant and keep wise to any new tricks and fraud-styles that emerge in the expanding online world, as long as there is a crisis, there will be scammers.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related news