Profile picture
, 8 tweets, 3 min read
My Authors
Read all threads
Unfortunately, COVID-19 has spurred an unprecedented number of online scams targeting people and businesses. However, they’re using methods that we’ve seen time and time again: (thread) washingtonpost.com/news/powerpost…
Many of these scams use “phishing” techniques (when an attacker sends a message, email, or link that looks innocent, but is actually malicious and designed to prey on fears about the virus). Common methods use: enticing offers, urgency, and pretending to be someone you recognize.
If an email sounds too good to be true (“New COVID-19 prevention and treatment information! FREE info”), it probably is. And if an email demands urgent action from you (“URGENT: ventilators delivery blocked. Please accept order.”), slow down and make sure it’s legitimate.
Keep in mind that legitimate sources of health information likely won’t use unsolicited email or text messages to make announcements.
Phishing emails such as this one expect readers to only see the display name without the email address beside it. Check where the message is from. An email from the Gates Foundation that includes a slight typo. The email address reveals that it's actually from
Some of these scams have the intent of stealing your password to log into a service you use, and some of them have the intent of installing malware. For more information, see our printable handout from SEC. sec.eff.org/uploads/upload… From the SEC handout. MALWARE, short for malicious software, is any program that’s designed to conduct unwanted actions on your device. Examples of malware include: computer viruses, programs that steal password, programs that secretly record you, programs that secretly delete your data<br /> Additional text on phishing is included, but does not fit here. Please see the URL for full text.From the SEC handout. Common ways malware is installed include: OPENING A MALICIOUS ATTACHMENT OR FILE, CLICKING A MALICIOUS LINK, DOWNLOADING UNLICENSED SOFTWARE, VISITING COMPROMISED WEBSITES, DOWNLOADING AUTOMATIC CONTENT, SHARING USB DEVICES OR PLUGGING INTO SUSPICIOUS PORTS
Two trends in malware that we’re especially seeing in COVID-19 related phishing attacks are trojans and ransomware. Some phishing campaigns use a live interactive map of COVID-19 to appear valid and trustworthy even to a cautious eye.
blog.lookout.com/commercial-sur… From the SEC handout. Trojans: When downloaded, Trojan software may perform like the intended legitimate application, but is in<br /> fact doing malicious things in the background. This is often found in pirated or “cracked” software or fake antivirus software. Ransomware: When downloaded, this malicious software holds a company, organization, or individual’s data for ransom. Ransomware gained popularity in the last decade
In general, ways to avoid accidentally downloading malware from a phishing message include:
✔️ check the sender’s address
✔️ try not to click or tap
✔️ try not to download files from unfamiliar people
✔️ phone a friend/coworker: ask "were we expecting an email from this sender?"
For more tips and examples of phishing messages, check out our blogpost on phishing in the time of COVID-19. eff.org/deeplinks/2020…
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with EFF

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @EFF see all

Profile picture
EFF
@EFF
Marginalized communities bear the brunt of surveillance. We must closely scrutinize the efficacy of digital contact tracing proposals and ensure they are compatible with civil liberties, don't intensify existing inequalities, and have sufficient safeguards onezero.medium.com/coronavirus-di…
To find out more, read our blog post analyzing how proximity apps work, barriers to efficacy, and how to maximize privacy protections: eff.org/deeplinks/2020…
We oppose location-based contact tracing because they track and store extremely sensitive information about where you are and who you're with—and they don't even work to learn transmission risk. eff.org/deeplinks/2020…
Read 3 tweets
Profile picture
EFF
@EFF
You get a text message: "Someone who came in contact with you tested positive or has shown symptoms for Covid-19 & recommends you self-isolate/get tested. <link>"
Be alert! Unfortunately, the above message is used in a new scam targeting mobile users.
wjla.com/news/nation-wo… A screenshot of a text message, with the link blacked out.
Many of these scams use “phishing” techniques (when an attacker sends a message, email, or link that looks innocent, but is actually malicious and designed to prey on fears about the virus). Common methods use: enticing offers, urgency, and pretending to be someone you recognize.
Keep in mind that legitimate sources of health information likely won’t use unsolicited email or text messages to make announcements.
Phishing texts such as this one expect readers to not verify the origin or phone number.
Read 6 tweets
Profile picture
EFF
@EFF
Clearview's "business model relies on collecting incredibly sensitive and personal information, and this [client] breach is yet another sign that the potential benefits of Clearview's technology do not outweigh the grave privacy risks it poses" -@SenMarkey cnet.com/news/clearview…
We must solve the privacy problem Clearview raises with a strong federal privacy law that gives consumers real power to stop invasive uses of technology. eff.org/deeplinks/2020…
We must also reach out to local city council, board of supervisors, and state or federal legislators to tell them we need meaningful restrictions on law enforcement use of face recognition, so that Clearview's technology doesn't end up in government hands.
eff.org/deeplinks/2020…
Read 3 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!