A hoax currently doing the rounds – spread by both hospitals and security companies – warns that criminals are using the coronavirus crisis as an opportunity to get into homes and businesses by claiming to offer sanitising and virus testing services. However, there is no evidence whatsoever that this has actually happened, suggesting it is an urban legend, readily believed as a result of the fear and panic surrounding COVID-19.
Because the warning comes from organisations rather than individuals – which is the way past hoax legends were mostly spread – they are more easily believed, and more readily spread, especially on social media. Facebook is littered with such warnings, including one from Netcare Pretoria East Hospital that included this detailed warning:
“Netcare has been made aware that criminals are going to homes in various areas, claiming to be from Netcare or Netcare 911, and saying that they are assisting the Department of Health with door-to-door screening for COVID-19 (coronavirus). Please note that staff members from the Netcare Group, including from Netcare hospitals, Netcare 911 or Medicross medical and dental centres, are NOT doing door-to-door COVID-19 screening. Should someone claiming to be a representative from Netcare, Netcare 911 or Medicross arrive at your home or business premises claiming to do screening for the novel coronavirus, do not allow them onto your property or inside your business premises for your own safety but please alert the SAPS immediately.”
However, it is clear that the reports being received are from similar warnings issued by security companies and individuals, without evidence that it is actually happening. No such warning has formally been issued by the police.
Another Facebook post includes a screenshot that a user claims to have received from a security company, reading:
“PLEASE BE AWARE THAT CRIMINALS ARE CAPITALISING ON THE COVID-19 VIRUS
“Criminals are unfortunately using the Coronavirus as an opportunity. We have become aware of a new modus operandi, where criminals are pretending to offer COVID-19 sanitising and virus testing services, representing either government, Netcare, ER24, etc. There is no such service and it is a scam aimed at gaining access to properties. Please brief domestic staff members accordingly”
Again, there is no evidence provided of this actually happening, or of incidents being reported to the police.
Meanwhile, the real COVID-19 scams are taking off in the virtual world. SABRIC, the South African Banking Risk Information Centre, has warned clients that cybercriminals are using “Coronamania” panic to spread Coronavirus scams.
It issued a statement today, saying: “Coronavirus scams exploit people’s concerns for their health and safety and pressure them into being tricked using social engineering. Social Engineering is manipulative and exploits human vulnerability because criminals know that the weakest link in the information security chain is the human being.
“These new scams include spoofed emails offering products such as masks, or fake offerings of vaccines, leading to phishing websites. These emails come from seemingly realistic and reputable companies which manipulate people into clicking on links. Some of these websites prompt the user for personal information which ending up in the hands of cybercriminals.”
The irony is that the virtual scam has the same ultimate intention as the hoax scam, of robbing its victims. However, it is far easier than the supposed door-to-door scam, carries less risk for criminals, and is likely to land the criminals far more ill-gotten gains.
SABRIC explains how easy it can be: “Cybercriminals are also using SMS Phishing, more commonly known as SMishing, to trick victims into clicking on a link disguised as information on a Coronavirus breakout in their area to steal their credentials. Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the Coronavirus.
“Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.”
SABRIC acting CEO, Susan Potgieter warns that some spoofed emails can be difficult to identify, which means greater vigilance is required.
“We urge bank clients to think twice before clicking on any link, even if an email looks legitimate,” she says. “Any suspicious emails should not be opened and are best deleted.”
SABRIC offers the following tips to protect themselves:
Phishing & SMishing
- Do not click on links or icons in unsolicited emails.
- Never reply to these emails. Delete them immediately.
- Do not believe the content of unsolicited emails blindly. If you are concerned about what is being alleged in the email, use your own contact details to contact the sender and confirm.
- Check that you are on the authentic/real site before entering any personal information.
- Do not click on links or icons in unsolicited SMSs.
- Do not reply to these SMSs. Delete them immediately.
- Do not believe the content of unsolicited SMSs blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm.
- Regard urgent security alerts, offers or deals as warning signs of a hacking attempt.