Cybersecurity experts describe it as a perfect storm: employees working from home – away from their company’s IT experts and sometimes without the protection of a corporate computer network – and eager for information about a mysterious coronavirus.

With the COVID-19 crisis in the background, fraudsters seem to be redoubling their efforts to steal information or money from unsuspecting users, by sending false e-mails and SMS as bait, in a system known as the name of phishing.

In a scam, fraudsters claim to process EI claims, attacking Canadians who have recently lost their jobs. Users are invited to enter their contact details, only to make the information accessible to criminals.

Other programs are disguised as messages from Shoppers Drug Mart, the Public Health Agency of Canada, or the World Health Organization. In all cases, the goal is to steal user information or money, or to infect their devices with malware.

“The tactics are always the same, it’s just the subject that has changed,” said Joe Martin of North Vancouver-based technology company Compunet.

“People who do this for a living, they know they’re going to get a few clicks, as long as the coronavirus continues to be a problem.”

As the number of online and phone scams increases, Shoppers Drug Mart said on its website “ if you receive an unsolicited call, we strongly encourage you to hang up and call your local store directly. ” (Michael Wilson / CBC)

According to analysis by the virtual private network provider Atlas VPN, the number of active websites used for phishing increased by 350% between January and March, at the time of the COVID-19 crisis.

Additionally, California-based Barracuda Networks said he had observed a 667% increase in phishing emails from the end of February to the end of March.

The Canadian Anti-Fraud Center (CACF) said Friday it had received 75 reports since March 5 of coronavirus scams, adding that Canadians had been victimized in at least 13 cases. The actual number of targets and victims is probably much higher, since few users complain to the authorities.

The UK’s Action Fraud network said that the coronavirus scams cost the British nearly £ 970,000 (nearly CAD 1.7 million). The FBI has warned Americans to beware of emails purporting to be from the Centers for Disease Control and Prevention and to “beware of anyone selling products that claim to prevent, treat, diagnose or cure COVID-19”.

There was a 400% increase in coronavirus scams in March, with casualties totaling almost £ 970,000. ⚠️ Here are some examples of Coronavirus related phishing messages that we have reported. pic.twitter.com/mmizvplLar & mdash;@actionfrauduk

The most high-profile scam in this country – highlighted last week by Prime Minister Justin Trudeau in his daily televised speech – includes text messages ostensibly offering money as part of the federal government’s emergency response benefit. In reality, the con is trying to get users to click on a link leading them to a fraudulent system.

Prime Minister Justin Trudeau issued a warning regarding text messages and other scams that attempt to lure Canadians using messages about support for COVID-19. CBC intentionally scrambled part of the URL in this post. (Submitted to CBC)

How to prevent phishing

Toronto-based cybersecurity consultant Ritesh Kotak said he had been targeted repeatedly in COVID-19 scams, receiving “many” phishing messages since the start of the pandemic.

“My general advice is to think twice before clicking,” he said. Kotak also recommends using a virtual private network at home for additional protection.

Compunet, the British Columbia-based firm, emailed customers with the following advice:

“Think before clicking on a link or downloading an attachment. If you are not sure, do not click or download.

Do not respond to any request for sensitive information, even if it is supposed to update payment information with an account.

Use well-known websites, such as the CDC or WHO, to stay up to date on information about coronaviruses.

Hover over the sender’s email address to check whether or not this is a legitimate domain of a familiar organization.

Please keep in mind that legitimate organizations will not ask you to update account information or send personal data by email. “

“Can I be hooked?”

Ottawa-based cybersecurity firm Click Armor even created an online self-assessment tool called “ Can I be hooked? “The platform presents a series of emails and asks users to report the messages as safe or suspicious.

The online assessment tool, “Can I Be Phishing? offers animations and emails, asking users to identify whether the messages are fraudulent or not. (Click on Armor)

“It comes down to people knowing how they could be targeted and what their vulnerabilities are,” said Scott Wright, CEO of Click Armor in an interview.

“We see a lot of attacks going on that try to exploit people’s anxieties” related to the pandemic itself and the adaptation of businesses to it, said Wright.

He warned that even consumers who believe they are following best practices can fall victim to scams.