While people are preparing themselves against COVID-19 (coronavirus), another threat that has appeared is cybercriminals trying to take advantage of people’s uncertainty and fears.

Recently, the Canadian Centre for Cyber Security (CCCS) has reported several phishing campaigns and malware scams from imposters and fraudsters who are posing as health agencies such as World Health Organization (WHO) and the U.S. Centres for Disease Control and Prevention (CDC).

These scams use a fake website that looks like the real WHO website along with a fake pop-up window in front of it asking for a user’s personal email address and password to gain access to their health information.

People are also warned to beware of email attachments that have been linked to the U.S. CDC.

“That one proclaims there is a document attached that is official advice from the government on how to stay safe during the coronavirus outbreak,” says Chester Wisniewski, cybersecurity specialist at international security firm Sophos. “If you try and open that document and it infects your computer with malware, it will try and steal your online banking information and your passwords.”

The CCCS has released a list of steps for people to avoid falling victim to scams and protecting their information.

  • Make sure the address or attachment is relevant to the content of the email.
  • Make sure you know the sender of an email.
  • Look for typos.
  • Use anti-virus or anti-malware software on computers.
  • Make sure that the sender’s email address has a valid username and domain name.
  • Be extra cautious if the email tone is urgent.
  • If you were not expecting an attachment, verify with the sender.
  • Make sure URLs are spelled correctly.
  • Directly type the URL in the search bar instead of clicking a provided link.
  • If you must click on a hyperlink, hover your mouse over the link to check if it directs to the right website.

Other steps also include using passwords that no one but yourself can figure out easily, keeping all mobile devices, computers, and apps up to date, backing up your data, and protecting your social media and email accounts.

Update, April 7: Work-from-home scams are starting to quickly crop up. They are always around, but with most people staying home they are rapidly proliferating. Here are ways you can recognize a work scam.

Asking for money up-front. You do not pay for a job. They pay you. Never, ever give someone money for a work-from-home opportunity.

If it is too good to be true — it is. Do plenty of research and trust your gut feelings. Usually some part of you knows it’s a pyramid scheme or other scam. If they promise huge, unrealistic amounts of money, it’s a scam.

When there is almost no info available about the company or anyone who works there. If there is no info, no video chat, no data on the company, it’s usually a bad sign.

The job description is really vague or seems silly or pointless. If there’s not much info and it promises quick, easy hiring and fast, easy money, it’s not a real job.

No company email account. If your contact uses a general kind of account like AOL, Gmail, Yahoo, etc. and there’s no website or the website looks bad, don’t trust it.

Times are very hard. Don’t get taken in by a scam that can make your life harder. Be vigilant and be skeptical.