Phishing Epidemic Adds Online Misery to Coronavirus Pandemic

By Robert S. Anthony

Is there an easy answer for the COVID-19 pandemic? No.

And that sad fact translates into opportunities for those with bad intentions to take advantage of a stressed, anxious public to profit, spread fake news or circulate useless advice, say medical, online security and communications experts.

“When people are fearful, they seek information to reduce uncertainty,” Jeff Hancock, a Stanford University communications professor, told Stanford News Service.

“This can lead people to believe information that may be wrong or deceptive because it helps make them feel better — or allows them to place blame about what’s happening.”

Phishing, crafting fake emails and other messages so they look genuine, is not new but has evolved.

These missives, once easily identifiable by typos and bad grammar, now arrive with attractive formatting and authoritative wording.

They’re often lures to get recipients to click on links that lead to data-stealing malware or even ransomware, which locks down computers or mobile devices until a ransom is paid.

Because of the coronavirus pandemic, the public is falling victim to coronavirus misinformation at alarming rates, according to a survey of nearly 6,000 people in the U.S. and U.K. published in the Annals of Internal Medicine by the American College of Physicians.

The sheer volume of questionable pandemic news and advice being circulated via social media prompted, which investigates reports of fake news and hoaxes, to shift to full-time coronavirus coverage.

On Tuesday, 35 of the 46 items on the site’s “Hot 50” urban legends page were related to COVID-19.

A official declined a request for comment from Digital Privacy News, saying, “We are unable to accommodate media requests at this time.”

One popular hoax recently snagged Stanford and its affiliates.

The fake message, purportedly “from a friend at the Stanford hospital board,” alleged that those who could hold their breaths for 10 seconds without coughing were free of COVID-19.

It also suggested that a sip of water every 15 minutes would keep throats moist — thus washing viruses into the stomach, where stomach acid supposedly would kill the viruses., citing well-vetted information from the Centers for Disease Control and Prevention and World Health Organization, concluded that these tips and its many variants were void of medical value.

With the university’s reputation hijacked, Stanford Health Care found itself having to assure the public via its website that it “was not involved in the creation of this document.”

In another instance, a fake email purportedly from Internet-domain registrar GoDaddy carried the subject “Important Notice — Covid19” and promised “important information specific to your user-profile.”

The message urged recipients to click on a link which, upon close inspection, didn’t connect with GoDaddy, based in Scottsdale, Ariz., but to an internet domain in the Isle of Man.

The link, which wasn’t tested, could have led to an automatic download of malware. The New York State Attorney General’s office, among others, have urged internet domain registrars like GoDaddy to cleanse their databases of domains connected with pandemic scams.

Is there an antidote for pandemic-related misinformation?

A summary of the Annals of Internal Medicine study concluded that “correcting these misconceptions should be targeted in information campaigns organized by government agencies, information provision by clinicians to their patients, and media coverage.”

Robert S. Anthony is a New York writer.

Image Credit: DRogatnev

Phishing Safeguards

Here are some recommendations to avoid phishing scams from the Electronic Frontier Foundation in San Francisco:

  • Check the sender’s email address. Are they who they claim to be? Check that their contact name matches the actual email address they’re sending from.
  • Try not to click or tap. If it’s a link and you’re on a computer, take advantage of your mouse’s hover to closely inspect the domain address before clicking on it.
  • Try not to download files from unfamiliar sources. Avoid opening attachments from any external email addresses or telephone numbers.
  • Get someone else’s opinion. Ask a coworker: Were we expecting an email from this sender? Or ask a friend: Does this email look strange to you? A good practice is to use a different medium to verify (for example, if you receive a strange email claiming to be your friend, try calling your friend by phone to double-check that it’s from them).

Sources (all links external):

  • Annals of Internal Medicine link
  • Stanford News Service: link
  • Snopes: link
  • Snopes: link
  • Stanford Health Care: link
  • New York State Attorney General: link
  • Electronic Frontier Foundation: link