Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog


COVID-19: Novel Coronavirus Becomes Hotbed for Misinformation, Scams and Fake Cures

The worldwide fear and uncertainty surrounding the novel coronavirus isn’t just being leveraged in malware and phishing attacks, as it has also enabled the spread of misinformation, fake cures and a variety of scams.

Last week, we reported on the rise in malware and phishing attacks using the COVID-19 virus, which continues to dominate headlines worldwide. As it remains top of mind, it’s no surprise that COVID-19 has become a hotbed for misinformation, scams and fake cures.

It’s become so problematic that the Attorney General of the United States has instructed the Department of Justice to prioritize prosecuting those responsible for distributing fake cures, malware and phishing attacks and other scams leveraging the coronavirus pandemic.

Cash App scammers leverage COVID-19

In October 2019, I wrote a blog series about opportunistic scammers targeting legitimate giveaways from Cash App, the popular person-to-person (P2P) payment application. In the months since, the scammers’ activities have continued, but with all the attention surrounding COVID-19, the Cash App scammers have started leveraging it as well.

Some Cash App scammers are simply adding the #coronavirus hashtag to their tweets in order to ride the hashtag.

In another instance, a Cash App scammer referenced the impact of the “Corona Virus” and how it is “cancelling” everything except “are (sic) bills.” They then propose their offer: $2,000 to the first 300 people to retweet their tweet, allegedly offering a grand total of $600,000 in a giveaway. This tweet also references another P2P application, Apple Pay. They reference it because not everyone uses Cash App, but there are a lot of Apple iPhone users. The tweet also includes the hashtags “#CoronavirusOutbreak” and “#CoronaVirusUpdate” instead of anything Cash App related.

Finally, another Cash App scammer uses both the “#COVID19” and “#CoronavirusOutbreak” hashtags along with a “#CashappMonday” hashtag. The tweet implies that because of the virus, they’re sending money to users. In this case, the first 500 people could receive anywhere between $300 to $1500. This tweet struck a chord with users on Twitter, receiving over 675 retweets and 963 likes at the time I observed it.

All three scenarios center around money flipping. The Cash App scammers claim they can flip transactions, turning a small denomination of $10 into $100, for example. They claim they can modify the transactions in post through the P2P application, whether it be Cash App, Paypal, Zelle, Venmo or Apple Pay. All they ask for is that the recipient share the initial cut with them for providing them this so-called service. As you might expect, the victims won’t receive anything in return. They’ll be left high and dry after parting ways with their money.

Misinformation around COVID-19 is a growing problem

Social media provides a valuable avenue for real-time information on current events, such as the situation surrounding COVID-19. At the same time, it enables the dissemination of misinformation.

In late January, a fake document began circulating that falsely claimed cases of COVID-19 were detected in the city of Carson, California. This document contained official logos of the World Health Organization (WHO), U.S. Centers for Disease Control and Prevention (CDC) and Los Angeles County Department of Public Health. The Los Angeles Police Department tweeted on February 10 that they were “seeking information” on the party responsible for spreading this misinformation.

Rumors of a nationwide quarantine in the United States

One of the biggest pieces of misinformation to circulate through text and social media are screenshots of text messages claiming that the United States will be instituting a nationwide shutdown or quarantine for an extended period of time. These text messages claim that the original author spoke to a relative or someone who had connections to someone “really high up in the government” or the CDC, as a way of legitimizing their claims.

While the premise varies, the intention is the same – spread misinformation about the possibility of a nationwide quarantine.

To set the record straight, the U.S. National Security Council (NSC) tweeted that these text message rumors were fake. “There is no national lockdown,” the NSC said.

Offers of fake COVID-19 test kits

In Toronto, Canada, there are reports that scammers have begun knocking on doors, claiming to offer COVID-19 test kits. This report was identified and debunked in a tweet from Toronto’s fire chief, Matthew Pegg.

Fake messages from government agencies

The Australian Cyber Security Centre reports that Australians should keep an eye out for scam texts alleged to be from the Australian government, offering advice on “symptoms and when to get tested” along with a link to a website, http://covid19-info[.]online.

In our previous blog post about COVID-19, we referenced a report from Check Point Research that found that since January, 4,000 domain names including the word “coronavirus” had been registered. The example above supports that outside of “coronavirus,” scammers are registering domains containing “COVID19.” Creating domain names using phrases like coronavirus and COVID19 are used to present false legitimacy when sharing these as part of malicious emails, text messages or social media posts, so that when users receive them, they might be more inclined to trust them because they have these keywords in them. We expect more domains using these terms to be registered along with fake websites getting published, as scammers and cybercriminals continue to take advantage of the pandemic.

Unsolicited phone call scams

In Alberta, Canada, there are reports that Canadian residents are receiving unsolicited phone calls, claiming they have tested positive for COVID-19, followed by a request for credit card information.

In a tweet, Alberta Health Services debunked the claim, saying they would never ask for credit card information.

In Alameda County, California, the sheriff’s office was notified by a victim who received a phone call from a scammer claiming that a loved one had been diagnosed with COVID-19 and was in an accident on their way to a hospital. The scammer said this loved one was arrested and needed to be bailed out to the tune of $13,000. The scammer would “send a friend” to collect the bail money.

In Daly City, California, the police department says it is aware of scams where people are claiming to be from the CDC. These scams claim to offer reservations for a COVID-19 vaccine and require “a credit card and/or social security number.” The Daly City Police Department debunked these claims, saying there is no such “vaccine reserve program.”

Fake offers of emergency money for essentials

With talk of an economic stimulus along with checks being sent to U.S. citizens to provide a boost during the COVID-19 pandemic, scammers have seized on this narrative.

A Twitter user named Austin tweeted an image of a text message claiming to offer “emergency money for groceries.”

Users who click the link in the text message are redirected to a website that claims to offer cash from as low as $1,000 to as much as $5,000.

Further information on the website reveals that it’s designed to put the visitors in touch with lenders to secure a loan. The scammers are likely referring users to this lender website to earn a referral bonus.

Work from home/job opportunity scams

The impact of COVID-19 has created challenges for those seeking work, while also adding uncertainty around existing work and the possibility of lost wages. As social distancing has been strongly encouraged by WHO and CDC, it makes it difficult to find work. As a result, this has become another area ripe for scammers, as they utilize COVID-19 to peddle job opportunity scams.

Brian Krebs recently reported that COVID-19 “widens the money mule pool” for scammers. A money mule is a person who transfers illegal money on behalf of criminals and keeps a commission fee for their efforts.

Krebs reports that a fraudulent website called Vasty Health Care Foundation, a fake Canadian foundation, copied most of its content from globalgiving.org. According to GlobalGiving’s chief product officer, Kevin Conroy, these fake job offers appear to be originating from job search websites like Indeed.com and Monster.com. While this report was focused on the fraudulent Canadian foundation, Krebs also learned that similar tactics are being employed to target Americans, according to Alex Holden, founder of Hold Security.

A Twitter user shared a post reportedly from the El Camino Police Department stating that students at El Camino College in Torrance, California, are being targeted by job opportunity scams “under the guise of working at home due to the COVID-19 outbreak.”

Fake cures and misinformation circulates on WhatsApp

One of the other major areas of concern surrounding the fear and uncertainty of COVID-19 are fake cures and other false information spreading through popular messaging applications like WhatsApp.

A lot of fake cures have been circulating through WhatsApp messages throughout India. An example of such a fake cure claims that a bowl of freshly boiled garlic water has proven to be effective.

Image source: Al Jazeera

Another viral WhatsApp message provides a so-called breathing exercise to help determine whether or not one has COVID-19. It also suggests taking “a few sips of water every 15 mins at least” because drinking liquids will “WASH them down through your oesophagus (sic) and into the stomach,” claiming that stomach acid will “kill all the virus.” These false claims have been debunked.

These are just some of the myriad of fake cures circulating on WhatsApp, from drinking lots of hot water, eating more ginger or increasing one's intake of vitamin C to more elaborate solutions.

Another WhatsApp message claims that placing cloves, cardamom, camphor and mace in a cloth and keeping it in one's pocket at all times is a remedy that will prevent “not just coronavirus, but no other virus will be able to harm you.”

A fake message claiming to be from the United Nations Children's Fund (UNICEF) mentions that avoiding ice cream and cold foods can protect against the virus. This message was debunked by UNICEF in a statement on their website from their deputy executive director for partnerships, Charlotte Petri Gornitzka.

Image source: Al Jazeera

Politico recently reported an audio recording was gaining traction through WhatsApp. The message claimed the Medical University in Vienna found patients who experienced the most severe symptoms from COVID-19 had been taking ibuprofen, a commonly used painkiller. This message was soon debunked by Johannes Angerer, spokesperson for the university. However, there are valid questions surrounding how ibuprofen affects COVID-19 patients, which are being looked into by the WHO.

Italy, which has been hit hard by COVID-19, has also seen an uptick in misinformation and fake cures being spread through WhatsApp, according to the BBC.

Fighting back against coronavirus scams and misinformation

As countries around the world fight back against COVID-19, the fear and uncertainty provides an excellent hook for scammers and peddlers of misinformation. We expect these will persist for quite some time.

The WHO has published information on the basic protective measures for the general public to combat the COVID-19 virus. The recommendations include:

  • Wash your hands frequently
  • Maintain social distancing
  • Avoid touching eyes, nose and mouth
  • Practice respiratory hygiene
  • Seek medical care if symptoms (fever, cough, difficulty breathing) are present

Steps to take to help thwart misinformation, fake cures and scams around COVID-19

As we all work on our personal hygiene and practice social distancing, we can also play our part to help prevent the spread of misinformation and fight back against scammers.

  1. Seek out information from trusted sources. WHO, CDC and other local health organizations are the most trustworthy places to get your information about COVID-19. Additionally, trusted news sources can also be a great place to gather information.
  2. Be skeptical of phone calls and text messages around COVID-19. Scammers are counting on the fear and uncertainty around this virus to help fuel their efforts to steal money and sensitive information from unsuspecting individuals. Unsolicited phone calls and messages that you didn’t opt-in for are more than likely scams, so chances are you should simply ignore the messages.
  3. Recognize that work-from-home job opportunities are most likely scams. If you come across a job opportunity that claims you can earn lots of money by working from home, it’s likely fraudulent, especially if they ask you to transfer money and keep a cut for yourself. There’s no such thing as easy money.
  4. Consult your medical professional to get care. Offers to provide you with a test kit via door-to-door salesmen or over the phone are fake. If you have questions about your symptoms and are seeking advice about getting tested, contact your primary care physician. If your symptoms are severe, call your local emergency services.
  5. Avoid forwarding messages on WhatsApp or other social media about so-called cures or news related to COVID-19. The cures being shared around WhatsApp aren’t rooted in any science and should not be a replacement for the recommendations outlined above from WHO. Forwarding these messages helps disseminate misinformation. Be skeptical of news that’s also being shared across these platforms. Be sure to verify the news being shared with you to ensure it hasn’t been fabricated.
  6. Remember that on social media and text messages, free money isn’t free. Even with discussions about providing economic relief in the U.S., elaborate offers for money aren’t free. Scammers will ask you to provide some money upfront before they “flip” it into a larger denomination, but you won’t receive anything in return. Scammers will also try to direct you to websites to fill out surveys and/or install mobile applications, with the promise of earning some money in return. These are just ways to turn you into a cog in the wheel for the scammers to steal money from you.

This is just the beginning, not only for COVID-19, but for scams leveraging it. We fully expect these scams will continue to grow and change accordingly as new information is made available publicly. While we’ve tried to capture some common themes we’ve identified in misinformation and scams surrounding COVID-19, know there are many that we’ve not yet observed or contemplated. The best way to deal with this fact is to remain skeptical.

Join Tenable's Security Response Team on the Tenable Community.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today.

NEW - Nessus Expert Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Professional Trial.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now. To learn more about the trial process click here.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free


Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training