The Judicial Police (PJ) and the National Cybersecurity Center (CNCS) detected in Portugal a new wave of fraudulent schemes that are trying to take advantage of the panic of some users regarding the Coronavirus pandemic (COVID-19). Since the beginning of February this year, authorities have detected several cyber attacks that exploit the theme of COVID-19, which aim to infect users' devices with malicious software or, then, extort money from Internet users.
The authorities clarify that among registered cyber attacks there are threats that have also been detected by cybersecurity companies at the international level. For example, phishing scams where attackers pose as official entities such as the World Health Organization (WHO) or UNICEF.
similar to cases detected abroad, phishing campaigns by email, SMS or disseminated through social networks, include attached files that serve as a way to capture users' personal data and to infect their devices with malware.
The PJ and CNCS also warn of digital platforms or applications that supposedly disseminate information in real time about the pandemic. Dynamic online maps that provide data on the spread of the disease worldwide have become one of the vehicles chosen by hackers to infect users' equipment with AZORult malware.
In addition, several fraudulent schemes shared through e-mail and social networks that publicize crowdfunding initiatives for false campaigns for the purchase of medical or personal protection material were detected. The authorities warn that the attackers are resorting to SMS schemes with messages indicating that all citizens will be vaccinated against COVID-19 and that they will later be reimbursed by the Government. The burles claim that the victim will have to pay a certain amount and that they must access a link to register.
To avoid falling into a fraudulent scheme, PJ and CNCS recommend extra attention and prudence, especially with regard to access, reception and sharing of online content about COVID-19. The authorities indicate that the only reliable sources of information are official entities.
The boards of PJ and CNCS are also joined by those from international cybersecurity companies. Reason Labs, for example, recommends not visiting websites or downloading without being sure that they are legitimate and checking details such as address format, spelling, online comments and domain registration.
In the event that you have received a questionable email from an official entity, Kaspersky advises you to check that the sender's electronic address and the links in the body of the text are legitimate. Also, opening the attached files is not a good idea at all. If, by chance, you ended up logging on to a fake page, it is best to change all your passwords immediately.