Beware of COVID-19 eCommerce Scams & Malware

Within a matter of two weeks, COVID-19 (aka, the coronavirus) has gone from an obscure problem in foreign lands to a major pandemic, with cases now reported in all 50 states. Indeed, even though we are still in the early days of the COVID-19 scare in the United States, this illness has already proven to be one of the most impactful events to hit our country since 9/11.

Sadly, any major crisis in modern times also brings an abundance of opportunities for computer hackers. Perhaps not surprisingly, cybercrime experts are already ruminating on an apparent tie between the sale of products related to coronavirus and an interactive dashboard that tracks infections and deaths resulting from the disease. Specifically, it appears that the dashboard is being used by hackers as a vehicle for spreading password-stealing malware.

The reasons for this are technical, but not terribly complex. The COVID-19 dashboard is a Java-based map that can be sent via email and easily installed on websites. These types of applications work by using .jar files to load the malware on any computer or device that runs javascript. Once your device is infiltrated, hackers can spy on you through your cameras and microphones, and can even read any text messages that you send or receive.

As if that’s not scary enough, federal law enforcement authorities believe that this is just the tip of the iceberg. While they’ve already seen a myriad of scams -- including text messages promising free iPhones in the wake of the coronavirus -- many, many more are believed to be in the works. Unfortunately, hackers know that most Americans will be distracted by the spread of the virus itself, which will lead them to be less diligent about other potential threats.

For example, Americans have been scrambling to purchase products like toilet paper, paper towels, sanitizing hand wash, and the like. The resultant shortages are not just an inconvenience for families and businesses, they also create opportunities for foreign hackers to exploit American consumers. Indeed, given that countries like Russia, North Korea, China, and Iran are not in love with the United States, you can rest assured exploitation of the perceived shortage of products will escalate scams in the coming days.

So, what can American consumers do to avoid these hackers and the scams they perpetrate? For one thing, it is important to remain diligent about the wholesale nature of this pandemic. Although the origin of this crisis is biological, the wholesale exposure of our citizens is on display for the world. Thus, the first thing we can do is recognize our extreme vulnerability to cyber attacks in this difficult time.

From a practical perspective, that means the following:

●        Be more careful than usual about opening links you receive by text or email -- especially if they are related to the coronavirus;

●        Recognize that “disease-trackers,” even from legitimate sources, may be used as pathways for malware -- while you can tell your loved ones about them, don’t send them via email/text/messenger or post them to your own website;

●        Be wary of price-gouging in the online sale of “shortage” items like toilet paper (or any other items that consumers seem to be hoarding in the early days of this pandemic);

●        Report blatant examples of price-gouging and other exploitation of consumers (currently, most states’ attorney generals have hotlines for these abuses);

●        If your computer is acting more sluggish than usual (a potential sign that it has been infected by malware), be very cautious about using bank passwords or other sensitive passwords until you’ve had your computer checked by a professional; and

●        Generally, just be more aware than normal of the potential for cyber attacks and other computer scams.

We will keep on top of future hacks and scams as they evolve and will report them to you quickly. For now, however, all Americans would be wise to simply exercise an added degree of caution when doing anything online -- especially if it is related to the outbreak of COVID-19.

Bruce Anderson is the co-founder of eEnforce, a brand protection firm, as well as a freelance journalist that covers the rapid explosion of harmful activities in eCommerce that adversely impacts brands, organizations and consumers. Bruce is currently a member of the FBI Infraguard, and the Secret Service Financial Crimes Task Force, is former police detective and is registered as a Private Investigator, specializing in investigating illegal eCommerce and brand protection activities.  You can reach him at media@e-enforce.com.