Latest COVID-related Scams: Stimulus Check, Job Opportunities, and COVID-19 Passport Scams

This article is from Trend Micro.

Even though we’re gradually returning to normal life, COVID-19 remains one of the scammers’ favorite tactics to exploit people.

Scammers use different excuses to contact you through SMS and email, prompting you to click on links or attachments. They pose as government agencies and say you can claim a COVID stimulus bonus, impersonate health centers and ask you to update your medical information, or pretend to be charity organizations offering job opportunities.

Why do they want people to click on the links? Their ultimate goal is to steal your personal information. They direct you to phishing sites so they can collect your sensitive data and use it for their own good. The links may lead you to:

• Fake login pages impersonating brands
• Fake application forms

Scammers can record all the sensitive data you enter and use it to steal your money and identity.

COVID-19 Stimulus Bonus Scam

Scammers have been impersonating US government agencies and sending out text messages and emails, saying that people can claim stimulus bonuses via the attached phishing links.

The links (sometimes embedded buttons) lead to phishing sites that collect your personal information. To receive the bonus, you are required to submit banking details, which in fact end up in the scammers’ hands. Here are some examples:

Content

• congratulations, we are pleased to inform you that your information was randomly picked up for covid-19 stimulus payment from the american rescue plan under the treasury department. kindly follow the link to complete the form <URL> when you’ve submitted your details espinal martin for the employment department will contact you for more details on how you will receive your money asap. Thanks
• congrats, we are pleased to inform you that your information was pick up for covid-19 stimulus payment from the federal government by joe biden. you are eligible to the payment. kindly follow the link too complete the form <URL> when you’ve submitted your details mack coleman for the employment department will contact you for more details on how you will receive your money asap. Thanks
• the american rescue plan provides $350 billion in emergency funding for eligible state, local, territorial, and tribal governments to respond to the covid-19 <URL>

COVID-19 Job Application Scam

Because many people have lost their jobs due to the pandemic, scammers have been using fake job opportunities to trick people into giving away their personal information. Pretending to be non-profit charitable organizations, scammers have been sending out text messages claiming they’re recruiting remote workers, with high pay guaranteed:

• take advantage of the covid-19 outbreak unemployment to apply for a relief job with no stress.. this is remote work from our charity organization…apply now and get $800 weekly. <URL>

Here is how the scam unfolds. The URL in the bogus SMS leads to a fake Community Giving website. There, you are asked to fill out the online form to apply for the job:

If you take a closer look, you will see that the URL of the fake site and the legitimate one look almost exactly alike. Only that there is an extra hyphen (-) in the fake site’s web address:

COVID-19 Vaccination Passport Scam

Posing as the National Health Service (NHS), scammers have been falsely claiming that people can apply for COVID-19 vaccination passports online through the links they provide:

Source: Twitter

Content

• NHS: We’ve recently checked and we can see you are eligible for a pass proving you have been vaccinated. You can apply for this here: https://applicationform[-]nhs.com

You may notice that the link looks like a legitimate one, but it’s not. (The genuine NHS website URL should end with nhs.com with NO hyphens or other letters in front.)

Once clicked on, it will take you to a fake NHS login page where you are required to enter your name as well as other personal information to apply for your (fake) COVID vaccination passport.

In other cases, scammers say that you need to order a PCR home test kit because you’ve been in contact with people with confirmed COVID-19 cases:

Source: Twitter

Content      

• NHS: You have been in contact with someone who has COVID-19. You must order a PCR Testing Kit here: https://nhs[-]pcrtestkit.com

The bogus NHS link leads to a fake UK government website entitled “Tests available”. You will have to enter credit card information to pay for the PCR testing kit. Again, these credentials will end up in the scammers’ hands!

How to Protect Yourself

• Double-check the sender’s mobile number/email address.
• Take a closer look at the web address. Reach out to the government’s/organization’s official website directly to apply for any program.
• NEVER click on links or attachments from unknown sources. Use Trend Micro Check to detect scams with ease!
   

1. After you’ve pinned the Trend Micro Check browser extension, it will block dangerous sites for you automatically:

2. Trend Micro Check on WhatsApp:

Send links or screenshots of suspicious text messages to Trend Micro Check on WhatsApp for immediate scam detection:

Download Trend Micro Maximum Security for even more protection, including Web Threat Protection, Ransomware Protection, Anti-phishing, and Anti-spam Protection. Gain access to the Privacy Scanner for Facebook and Twitter, Social Networking Protection, and Parental Controls, too. Click the buttons below to give them a try:

Did you successfully spot the scams? Remember, always CHECK before giving out personal information.

If you found this article helpful, please SHARE to protect your friends and family!