PHOENIX (3 On Your Side) -- As the COVID-19 pandemic sweeps across the globe, the risk of malware and spear-phishing attacks is on the rise. It's a frustrating and potentially costly side effect of the crisis, but it is not unexpected. "We see this every time there's any kind of a large, huge news event," said Ken Colburn from Data Doctors. "The bad guys jump in. They create fake websites. They create all this because they know people are looking for information."
Colburn said it's easy for scammers to create fake sites that look convincing, but users run the risk of infecting their devices with malware. As CNET first reported, mobile security company Lookout discovered an app that mimics a coronavirus tracking app. People using the app thought they were tracking the pandemic, but it turns out the app may have been tracking them. According to Lookout, the spoofed app allowed bad guys to access cameras, take photos, and record videos and audio.
"If you're looking at a government website and it does not end in dot-gov, it's not a government website. It's potentially a scammer," Colburn said. "Even though it looks like it's official, if it's not some source that you've trusted in the past, be very, very skeptical. I'm not saying that all new sources of info are malicious. It's just real tough to tell the good from the bad, which is why it's so important to stick to the resources that you already trust."
Colburn said he also expects a spike in spear-phishing attempts as much of the American workforce has scrambled to set up home offices. "It's a new world, and these bad guys know it, so spear-phishing is bound to increase. That is an email that pretends to be from someone else in your organization asking you to do something," he told 3 On Your Side. "When you get an email that's asking you for an urgent action or something that sounds a little strange, don't reply to that email. Choose a second form of communication - a text message, a phone call - to verify the request."
Also, check carefully for misspellings in the body or the email, and look closely at the actual email address, to verify its authenticity. According to Colburn, it's also critical to ensure that your security software is up to date.