
Coronavirus online scams


The global media narrative is dominated by the coronavirus outbreak.

I covered the coronavirus aspects of OSINT resources for tracking the disease’s spread back in January, and I revisited the topic last month in the context of disinformation warfare.

This time I want to focus on the digital threat vector associated with the coronavirus.

The raging pandemic has spawned numerous online scams, frauds and cyber attacks, targeting both the corporate sector and individual users all around the world.

So without any further delay, let’s take a look:

Sale of coronavirus related items - online auction scams

Dishonest and greedy vendors on just about any online marketplace are hoping to capitalise on the fear and panic amongst the general population.

Exorbitantly priced items include:

  • facial masks used for painting re-advertised as medical supplies guaranteed to protect from covid-19;
  • hand sanitizers, priced 5 times more than they would normally cost;
  • covid-19 “survival kits”;
  • paper suits;
  • fake covid-19 testing kits;
  • various inhalers and pseudo-medical paraphernalia.

Meanwhile, the darkweb markets are also full of coronavirus themed products, from masks, suits, sanitary products of unknown origin (more than likely stolen in bulk), to various drugs advertised as “coronavirus antidepressants sale”.

source: Empire Market

In some cases, clearnet sellers just pocket the money and don’t ship any items at all.

On the darkweb, it’s a free-for-all. It’s where scammers unscrupulously scam other scammers.

The UK’s Action Fraud warned that since February 2020 the National Fraud Intelligence Bureau received numerous reports of fraud where coronavirus was mentioned, with victim losses exceeding £800k.

Scammers know well that police departments in Europe and elsewhere are currently under serious pressure and are unlikely to prioritise responding to online fraud cases under the current circumstances.

source: Empire Market

Bogus Android apps

The Google Play Store has always been infamous for unverified, potentially dangerous apps.

The pandemic resulted in an outbreak of scammy Android applications that intercept users’ data, track their movements or install malware or spyware on their devices.

These apps typically masquerade as:

  • coronavirus trackers
  • coronavirus maps
  • coronavirus checker apps

The most notable recent example of such an app was “AC19”, an app developed by the Iranian government to keep track of the coronavirus infections.

All it was doing, however, was keeping track of users who downloaded it and harvesting their data.

Google removed the app from the Play Store, as it does daily with dozens of malicious applications – more details on that story can be found here.

Fake and malicious websites

Newly activated domains containing “coronavirus” in the URL should be treated as suspicious and generally avoided.

Remember, the best sources of information are the official government websites or reputable ones, with verified medical information, advice and updates.
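One way to apply the "new domain plus coronavirus keyword" rule to a feed of newly observed hostnames, as an added example that is not part of the original post. The keyword list, the allowlist of trusted parent domains, the 30-day window and the sample records are all assumptions or constructed data; the check also folds hyphens and digit lookalikes, which goes slightly beyond the plain keyword match described above.

```python
from datetime import date

KEYWORDS = ("coronavirus", "covid")            # assumed watch terms
ALLOWLIST = ("jhu.edu", "who.int", "gov.uk")   # assumed trusted parent domains
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "-": None})
MAX_AGE_DAYS = 30                              # assumed definition of "new"

def is_allowlisted(host):
    # Match on a label boundary so "jhu.edu.covid-map.example"
    # does not pass as a subdomain of "jhu.edu".
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def matched_keyword(host):
    # Fold hyphens and digit lookalikes first ("c0r0na-virus" -> "coronavirus").
    folded = host.translate(LOOKALIKES)
    return next((k for k in KEYWORDS if k in folded), None)

def triage(records, today):
    """records: iterable of (hostname, first_seen). Returns (host, keyword, age)."""
    flagged = []
    for raw, first_seen in records:
        host = raw.strip().lower().rstrip(".")
        if is_allowlisted(host):
            continue
        keyword = matched_keyword(host)
        age = (today - first_seen).days
        if keyword and age <= MAX_AGE_DAYS:
            flagged.append((host, keyword, age))
    return sorted(flagged, key=lambda row: row[2])  # newest first

# Constructed sample feed (hostnames and dates are made up).
SAMPLE = [
    ("coronavirus-map.example", date(2020, 3, 20)),
    ("C0r0navirus-tracker.example.", date(2020, 3, 28)),
    ("covid19-testkit.example", date(2020, 3, 10)),
    ("coronavirus.jhu.edu", date(2020, 1, 22)),
    ("jhu.edu.covid-map.example", date(2020, 3, 25)),
    ("coronavirus-research.example", date(2015, 6, 1)),
    ("weather.example", date(2020, 3, 29)),
]

if __name__ == "__main__":
    for host, keyword, age in triage(SAMPLE, today=date(2020, 4, 1)):
        print(f"{host}\tkeyword={keyword}\tage_days={age}")
```

A hit is a reason to look closer (or to block at the proxy pending review), not proof of malice; the allowlist keeps official sources such as the Johns Hopkins map out of the results.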

One of the most popular maps for tracking the coronavirus spread was created by the Johns Hopkins Center for Systems Science and Engineering (CSSE) and is available here.

This is what it looks like:

Unfortunately, this website has been copied and emulated by a number of malicious sites.

This is one of the websites I stumbled upon – it is still live and posing a real threat to anybody using it:


For safety, you should refrain from visiting this site directly, unless you know what you are doing and what the risks are. 

You can safely navigate the Wayback Machine snapshots though:

This is what the cloned website, hosted in Romania, looks like:

There are a number of tabs that bring you to dubious content, paired with ads and various trackers.

The site also contains a number of social media platform buttons which redirect to phishing links that load up fake login pages, ready to harvest your login credentials:


This website is already recognised as malicious by Virus Total and you can find the detailed information here, including subdomains, URLs, IP addresses and more.

(Want to start learning how to do website-oriented OSINT? Read this post!)

Phishing emails and malicious attachments

It is a well-known fact that an email can be sent from a spoofed email address and made to look like it originated from a legitimate sender.

Right now there are tens of thousands of malicious emails in circulation and they attempt to exploit the users’ fear as well as their efforts to stay informed.
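A header check that surfaces the spoofing described above, as an added example that is not part of the original post. It assumes your receiving mail server stamps an Authentication-Results header under the hypothetical name mx.corp.example; the message and every domain in it are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.corp.example"  # assumption: your own receiving MTA

def domain_of(header_value):
    # Domain part of the address in a From/Reply-To header ("" if absent).
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our MTA, so the sender may have forged it
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            results.setdefault(method, verdict.lower())
    return results

def spoofing_signals(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    auth = auth_results(msg)
    signals = []
    if auth.get("dmarc") != "pass":
        signals.append(f"dmarc={auth.get('dmarc', 'missing')} for {from_dom}")
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        signals.append(f"reply-to domain {reply_dom} differs from {from_dom}")
    return signals

# Constructed sample: the second Authentication-Results header is forged.
SPOOFED = """\
Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=bulk.example;
 dkim=none; dmarc=fail header.from=health-agency.example
Authentication-Results: mx.sender.example; dmarc=pass header.from=health-agency.example
From: "Health Agency" <advice@health-agency.example>
Reply-To: support@mailbox.example
Subject: Coronavirus safety measures

See the attached document.
"""

if __name__ == "__main__":
    for signal in spoofing_signals(SPOOFED):
        print(signal)
```

Only the verdict written by your own server counts: a "dmarc=pass" line that arrived with the message is attacker-controlled text.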

Below are some examples of emails that can redirect users to phishing sites or that contain malicious attachments that can result in malware infections if downloaded:


Social media

A notably positive development is that since the pandemic was announced, Google, Twitter, Facebook, Instagram and others have all taken steps to combat fake news, conspiracy theories and general coronavirus misinformation.

Social media has been misused for the above purposes for a long time and the stream of false content has been spreading everywhere.

Now it seems at least some content verification is taking place and users are being warned before they play videos or start browsing through photos.

This is it for now. 

Stay sceptical. Verify. And spread the word to help others.
