Retailers beware: Coronavirus scams are popping up everywhere

Print Friendly, PDF & Email

The National Retail Federation (NRF) has published several updates on the impact that the coronavirus (COVID-19) may have on customers and workers in supply chains and retail locations. In addition to the NRF updates, many businesses are receiving related communications from the U.S. Center for Disease Control (CDC), the U.S. State Department, and several other government agencies. Even more messages may be coming from business networks, family members, and friends.

There are many types of human coronaviruses, but COVID-19 is a new virus that has not previously been observed in humans. According to data compiled by Johns Hopkins CSSE, there are currently over 91,000 confirmed cases across the globe.  As you can imagine, there are a lot of email messages and websites sharing information about COVID-19.

coronavirus map

Because of this overwhelming amount of information that you will be getting through email and other channels, it’s a good time to brush up on phishing and malware attacks. Criminals always find opportunity in tragedy, and this is no different. So far, we've seen a handful of attackers posing as authorities and using the Coronavirus as the basis of a scam.

Some of the most common scams are fake cures and fake fundraising messages. The World Health Organization and the Better Business Bureau have warned against both of these. There are currently no U.S. Food and Drug Administration-approved vaccines, and when a cure or vaccine becomes available, you probably shouldn't try to purchase it through an email link or website. These scams aren't limited to just email either; attackers could try to scam you with a phone call, text, fax, or other methods.

Criminals are also using the COVID-19 in malware attacks. A Coronavirus-themed spam campaign used malicious macros in Microsoft Office attachments that delivered the Emotet Trojan to the desktop. This campaign impersonated a disability welfare service provider and targeted users in Japan. Newer attacks impersonating the CDC are spamming the U.S. and UK with several types of threats in addition to Emotet.

Attackers are using #Coronavirus #COVID19 to trick people into buying fake cures or downloading #malware. Are they impersonating your brand in their scams? #retail #supplychain #DMARCClick To Tweet

The attacks we’ve mentioned so far have assumed that the attacker is impersonating some other authority while trying to trick you. As a retailer, you have to be prepared for the possibility of an attacker trying to impersonate your brand to trick others. If you offer pharmaceuticals or health products, this is the perfect time for an attacker to pretend to be you.

COVID-19 may hit your business through extended supplier shutdowns, travel delays, or the worst-case scenario of a local outbreak. It can also cause damage through malware attacks that infect your network and POS systems, or phishing scams that cost you thousands of dollars.

The FTC consumer alert on Coronavirus scams has a handful of tips on how to protect yourself from these scams. Barracuda also provides retail cybersecurity solutions that protect your company and employees from malware, impersonation attacks, and more.

Scroll to top