Coronavirus and cybercrime — hackers use COVID-19 as phishing bait

UAB expert Gary Warner and UAB Information Technology provide tips on how to protect yourself from cybercrime during the coronavirus pandemic.

Editor's Note: The information published in this story is accurate at the time of publication. Always refer to uab.edu/uabunited for UAB's current guidelines and recommendations relating to COVID-19.



Man typing at his laptop computer at nightUAB expert Gary Warner and UAB Information Technology provide tips on how to protect yourself from cybercrime during the coronavirus pandemic. The coronavirus is being used in various malicious campaigns including email spam, text messages, ransomware and suspicious website domains.

During this vulnerable time for everyone, hackers are seeking opportunities to leverage on potential victims.

Gary Warner, director of research in Computer Forensics in the Department of Criminal Justice at the University of Alabama at Birmingham, says his email inbox has been full of “Coronavirus/COVID-19” frauds and spams.

“I have corona malware disguised as product catalogs and fake World Health Organization emails asking me to donate my Bitcoin to them,” Warner said. “These hackers are using fake news websites to drive their affiliate-marketing program scams to sell ‘immunity oil’ to people who are desperate to protect their families and loved ones.”

Warner explains that one of the best ways to protect yourself from attacks is to educate yourself on phishing scams. He also warns people to pay attention to their email subject lines.

“One email I received was with the subject ‘Protection From Corona Virus with Immunity Oil,’” Warner said. “The scam bait is that you are buying a fake product that you think will help you fight off the coronavirus.”

Warner says that, if someone places an order from one of the phishing sites, they will bill you more and more frequently than you think because now they have access to your banking and/or credit card information.

Working from home and protecting your personal data

Now that the majority of people are working from home due to the coronavirus pandemic, people are more susceptible to cybercrime attacks. UAB Information Technology has provided tips on how to safeguard your personal information from hackers.

Secure your home network  

UAB IT recommends taking a three-pronged approach to ensure that your home network is safe from cyberattacks:  

  • Change your default Wi-Fi password to something only you and your family know.
  • Use the latest encryption, which is WPA2. WPA2 provides stronger data protection and network-access control.
  • Familiarize yourself with all devices connected to your home network — that means everything from cellphones to baby monitors and smart speakers. 

Lock down your devices

Start by using a strong PIN or passcode, and then expand on that security using these steps:

  • Toggle on automatic updates on each device.
  • Consider having separate devices for parents and kids to discourage accidental sharing of information. If that is not possible, manage account privileges to restrict access from other users.
  • Instill firewall and anti-virus software on all personal devices.
  • Wipe devices of data before discarding to ensure they are free of personal information. Many mobile devices have a setting option for secure resets for this purpose.

Safeguard your accounts

  • Use a unique passphrase instead of single passwords for each account.
  • Do not use example passwords given at sign-up or anything that would be easy to guess.
  • Use two-factor authentication whenever possible, from your bank account to social media accounts. UAB provides employees access to the 2FA app Duo, which is required for all university accounts.
  • Post content with care. Everything you post online becomes part of your overall brand and communicates what you represent. Be sure all your content is free of personal information, such as your birth date, home address and phone number.

A baseline for best practices against cybercrime attacks is to use common sense.

  • Check out this video about online safety and security from UAB IT.
  • Educate yourself on phishing scams and the ways hackers use messages to trick users.