If anything, they’ve only grown more brazen and active. “Overnight, the pandemic has become the number one subject on everyone’s mind,” explains Emilio Simoni, Research Director at dfndr lab, “and that’s irresistible to hackers and scammers.”

Simoni continues: “The first job of any scammer is to get your attention: to stop you on your path and pull your interest toward their offer or message.  The coronavirus pandemic has created a topic that everyone is intensely interested in, all over the world. This has made the scammer’s job much, much easier. And they’re making use of both the intensity of interest and the global breadth of exposure.” 

An Explosion of Coronavirus Malware

Under Simoni’s direction, the experts at the dfndr lab have found more than 227 different Coronavirus-content scams. Most of them offer a dashboard which falsely promises users access to a real-time map for global or local surveillance of COVID-19 cases. As soon as they’re downloaded, they act as ransomware. Typically, they lock the home screen and blackmail the victim into paying a specified amount of money to “unlock” the phone. The ransomware messages are often intimidating, claiming access to photos and private information, like this one:

SuperVPN: 100 Million Users, Finally Deleted From The Google Store

But coronavirus scams aren’t the only vulnerability out there. As Emilio Simoni explains: “You need security solutions that look out for more than scams and hackers. Even apps that aren’t clearly malware or ransomware can totally compromise your security. SuperVPN is a perfect case in point: it’s security problems have been known for over a year, but the app has been removed from the Google Play store very recently.”

SuperVPN offered users the ability to browse the internet as if they were coming from a different country, providing access to sites and functions that they wouldn’t normally be able to reach. For the app to work, an exchange of information between the device and the app was required. That process of exchange was loaded with serious vulnerabilities, and resulted in the theft of data like passwords and credit card numbers. Beyond its security issues, SuperVPN also appeared to violate Google Play’s algorithm in order to get more installs. They were very successful, racking up more than 100 million users before finally being removed.

“If you know anyone who has downloaded and installed SuperVPN,” Simoni remarks, “make sure they remove the app as soon as possible.”

Above is an illustration of how SuperVPN compromised user’s secure data.  (Image: VPNPro)

Protect Yourself From Hackers AND Vulnerabilities

One of the best ways to protect your information now is to upgrade your dfndr app (if you haven’t already) to dfndr Pro.  (Here’s a link where you can learn more, and download Pro if you decide it’s right for you.)

As apps with hidden “cracks” in security like SuperVPN illustrate, you have to be not only informed enough to resist the hackers and scams, you also have to have proven technical tools to keep your devices safe.

As Emilio Simoni explains it: “As we publicize these cases of hackers and scams, we want to be cautious and let people know that all data breaches or “malware” won’t always follow a specific pattern. Lots of data breaches happen with very reputable software makers or business transactions. There are many ways your data can be compromised. To be safe, you need more than your own human intelligence at work.” 

This is why dfndr Pro offers a full suite of security capabilities:

Unlimited Identity Theft Reports: These provide your “outer-perimeter” defense, looking out for privacy vulnerabilities beyond your own device. These reports reveal if any of your information has been leaked, with a one-click check of a database with over 4 billion compromised credentials. 

Anti-theft protection: Protects against physical loss that leads to data loss: in case of theft or loss of your device, you can lock  it down remotely, find the phone on a map; or, activate a loud alarm to find it nearby. You can also get a picture of the thief, and wipe the phone of your personal data.

Safe App Installer: Protects you from apps known to have had data breaches — before you install them.

App Privacy Scan: You can locate on a map where your app data is going and how it might be used by third-parties.

Ad-Free: As an extra bonus, Pro is totally ad-free.

Stay Vigilant!

With dfndr Pro in your toolbox, the rest is a matter of staying as aware as you can and protecting yourself and your family.  Consider adopting these rules for use of digital devices in your home:

• Take extra care with any link or article about coronavirus. Use reliable sources, such as legitimate government websites, to get real, fact-checked stories and information on COVID-19.
• Don’t click on links sent to you via email from unknown people. 
• Look very closely at email addresses and names: If the source looks or sounds like someone you know but the name or email address seems even slightly off…stay away! If the name is right but the message is brief or confused, or not at all like the person you know…your friend could be the victim of a hack themselves.
• Only download or install software from trusted sources. Make sure you double check url’s! 

Stay safe! We will keep you up to date on all the latest we hear about scams of all kinds: coronavirus-related, and otherwise. Until then, stay safe and keep your loved ones safe and informed too. 

Finally,  if you or someone you know is a healthcare worker, please accept (or pass on) our grateful thanks.  

LEGITIMATE SITES ARE BEING “FAKED”

One of the most high-profile recent attacks was aimed at a popular, interactive COVID-19 tracking map maintained by Johns Hopkins University.  Hackers are selling malware that compromises the map and infects users. The university is aware of the malware impersonation of its site, and warned users to only trust the maps at its own website.

Sadly, the John Hopkins fakes are just one of MANY recent attacks that deliver spam, steal credentials, and infect victims with malware. Digital hackers have been very quick to exploit an understandable desire for reliable information, amid widespread anxiety about the COVID-19 outbreak. Emilio Simoni, director of dfndr lab, a laboratory specializing in digital security at PSafe, notes that “Cybercriminals aim to profit from this global health crisis: by taking and/or ransoming victims’ personal data; by spreading internet scams; and by infecting victims with malicious malware downloads.”

UNPRECEDENTED CHANGE MEANS NEW DIGITAL THREATS

The Coronavirus pandemic has already changed normal daily life and the way business is getting done.  Because so many people are being asked to shelter-in-place and practice social-distancing, a much larger number of people are now working remotely, and spending even more time online.

Hackers have ramped up their activity to meet this moment.  Malicious actors have seized the opportunity to target victims with greater numbers of scams and malware campaigns.  Remote work vulnerabilities are being exploited, so organizations must minimize cybersecurity risks as best they can.

PROTECTING YOUR DIGITAL DEVICES

Most of us access the internet and social networks through our cell phones. For this reason, security experts recommend that you employ a dedicated solution that alert you in real time whenever you access a scam site, or interact with a known digital virus “vector.” dfndr Security has a robust Anti-Hacking capability you can activate if you have the app — and if you don’t have the app,  you can download the free version, right here. Upgrade to the dfndr Pro version if you want to get the Safe App Installer (which warns you if an app has malware). It also offers Identity Theft Protection to keep your email safe. 

Consider downloading dfndr Pro during this crisis to keep your digital devices and your information as safe as possible..

MORE WAYS TO PROTECT YOURSELF

The best ways to protect your personal (and business) cyber health are almost exactly the same as during “normal” times: 

• Don’t click on any links from unknown people
• Only download or install software from trusted sources — double check those url’s! 
• To make these checks automatic, download dfndr and use its anti-hacking features: it will protect you from malware and known hacking sites. You can also use a link analyzer, like the free one dfndr offers, but having the app on your device makes this so MUCH easier!
• Use reliable sources, such as legitimate government websites, for current, fact-based information regarding COVID-19

Information and prevention are the best weapons to fight the Coronavirus: 

It’s worth remembering that the simplest measures will be immensely powerful in this battle. Stay alert, stay calm, wash your hands as frequently as you can, and practice social distancing. It’s important to recognize that while you may not be in a high-risk group, and you may not feel ill yourself, you can still be a carrier of this virus.

Make sure you get your information from reliable sites and from people with credentialed expertise. If a message, inquiry, or offer feels fishy: it may well be a hacker. STEER CLEAR. At PSafe we’ll continue monitoring developments with Covid 19 and the digital scams, hacks, and viruses that are accompanying it.

Count on us to keep you informed and protected. We are with you in this fight!

“Flattening The Curve”
All over the world, large public gatherings and sporting events are being limited to essential personnel, postponed, canceled, or rescheduled — and health experts are emphasizing the need for people to do whatever they can to reduce the potential strain of an uncontrolled outbreak on healthcare resources. Experts warn that the death toll for Covid 19 will be much worse if the infection rate overwhelms global, national, or local resources for care: hospital beds, healthcare personnel, and medical equipment and supplies. The idea of taking every reasonable precaution to reduce infection risk, and thereby flatten the demand curve, is perhaps the most important message to understand on the global & collective level. 

On an individual level, experts are advising everyone to do their best to maintain “social distance,” and counseling those who feel ill or those who are at-risk due to age or pre-existing vulnerabilities, to “shelter-at-home” whenever possible. 

Widely shared chart from Biology Professor Carl T Bergstrom, University of Washington, visualizing the need to flatten the demand curve for the impacts of Covid 19 on global (and local) healthcare system resources.

Good Sources of Information
At Psafe, our expertise on viruses is limited to those that infect digital machines. We’re also vigilant about invasions of privacy, scams, and people and organizations who use technology to profit for themselves by harming others.  As such, we understand that our role in this crisis is to provide you with digital protection, and with good information. We also wanted to offer a reminder to use good judgment about the sources you consult online to get information about coronavirus. 

Three excellent resources we recommend are:
– The CDC (Center for Disease Control and Prevention)
– The UK’s National Health Service
– The WHO (World Health Organization) 

The WHO has also published an excellent resource online to fight misinformation: a myth-busting page specifically focused on Covid 19.

Of course there are many other great sites as well. Many resourceful and well-intentioned people have stepped forward to provide others with helpful information online. This coronavirus data site, created by student Avi Schiffman in Washington, USA, is one such example.

But given the scale of this crisis, we are already seeing many scammers and malefactors who are using this moment to spread disinformation, seeking profit for themselves, and harming others.

Fake News: During Crisis, More Damaging Than Ever
“According to Emilio Simoni, director of dfndr lab — a laboratory specializing in digital security at PSafe — fake news tend to have two objectives: financial profit, with the advertisements conveyed in the fake news itself; or, the manipulation of public opinion — very common, for example, in electoral periods. “In an environment where thousands of pieces of information are shared per minute, it becomes crucial to differentiate what is true and what is not.”

Simoni explains that this ability is not evenly distributed across large populations:  “The portion of the population that has no proximity to the new digital culture and new technologies, becomes more vulnerable to fake news, especially when they address alarming issues. However, everyone, regardless of age, sex or education level, is susceptible to influence from fake news, which is why citizens, at times like this, need to share knowledge about these malicious practices on the internet, to protect themselves against misinformation.”

How To Spot, And Discourage The Spread of Bad Information
Social Media sites like Facebook, Twitter, and YouTube are working to limit or label misinformation when they see it, but the very nature of those platforms makes it difficult for them to catch every sketchy source or misleading story. Sensational plot-lines, suggesting that the virus was “human-made in a lab” or that you can protect yourself by ingesting silver or bleach, are (predictably) starting to make the rounds, and of course many of these sensational stories have the same kind of viral resilience of Covid 19 itself.

The myth busting site listed above is a great place to start to protect yourself against this misinformation, and it will be useful to continually refer-to as these stories multiply and mutate.  Consider helping your friends who post bad information by sending them a helpful PM, or, simply post the debunking information in their threads — as long as you feel secure doing so.

As Simoni suggested, the other main tell is to look with great skepticism at anyone who 1) Is selling you something, whether information or a cure of some kind, or 2) Some who is asking you for private information.

One of the great difficulties with viruses like Covid 19 is their ability to adapt and reshape themselves. The same can be said of scammers and con-artists — but scammers have some very reliable patterns you can learn to recognize and protect yourself. Whatever form their scams take, they always seem to WANT:

Your attention, (right now, no matter what)!

Your sympathy, or vote

Your trust

Your information

Your money

…And this is key too:  They’ll often use whatever information they can acquire about you publicly (or deviously) to make you feel like they know you already.

If you are involved in an interaction online with a stranger or someone new to you that has one or more of these markers, be on your guard.

We’ll Do Our Best To Help
If we become aware of specific threats or scams that threaten our customers, we’ll do our very best to keep you informed. For now, we want to thank you for taking the time to read this post, and wish you and yours the best as we all work together to take on this epidemic. Stay on guard, and stay in tune with the best sources of information you can find!