Coronavirus scams: 'Fact or fake' - the key question to ask before sharing personal information

Piggy bank with face mask.
Kiwis are advised to be vigilant about their personal and financial information. Photo credit: Getty.

Scammers overseas are taking advantage of coronavirus fears with attempts to steal personal information at the top of the list.

From phishing emails and text messages, to false map apps, websites and social media accounts selling COVID-19 'cures',  Kiwis are reminded to be wary of unusual requests for personal and financial information.

Netsafe CEO Martin Cocker said that fake websites selling 'medical-grade masks', emails and text messages pretending to be from the World Health Organisation and claims to 'cure' COVID-19 have been reported overseas. 

Kiwis are urged to use their critical thinking skills to determine what's fact - and what's fake.

"Check emails and texts [are] from the official organisation: often these types of emails use a very similar domain name extension that is easy to be confused by," Cocker said.

People are advised to protect information that could be used to access personal accounts or build a false online presence and to be wary of disclosing this information in response to emails, text messages or to download apps.

"This includes login details and passwords to online accounts, bank account and credit card details, address, phone number, date of birth, personal information relating to security questions and driver's license and passport details."

Cocker said that under the Harmful Digital Communications Act, anyone sending or publishing threatening, offensive or sensitive material, or spreading damaging rumours can be liable for a fine or imprisonment.

"Our expectation is that Kiwis will be more supportive than abusive, but it is a good time to remind people of their rights and responsibilities under the Act," Cocker added.

The Ministry of Health said that cybercriminals take advantage of situations like COVID-19 and that as more people work from home, online security is everyone's responsibility.

"Organisations need to make sure their staff are trained and have the right resources available to keep them safe, and that they've implemented the appropriate security controls and monitoring systems," a spokesperson said.

Employees can do their bit to help by following company policies, keeping up-to-date with common scams, and most importantly, reporting things that seem out of place or suspicious.

"We encourage organisations in the health sector to let us know if they have been affected by a cyber incident for our awareness, and to also report cyber incidents to CERT NZ directly," the spokesperson added.

According to a survey by online research tool Finder, one in five Kiwis use Google for financial information, increasing the risk of sharing and receiving false or misleading information. Based on company research, publisher Kevin McHugh advises Kiwis to be wary of downloadable apps that claim to track coronavirus spread and random emails from government organisations.

"Never open email attachments from suspicious senders or click on links from unknown sources: if you're unsure, ask a family member or friend - or simply delete the message," McHugh said.

"Only provide card details to websites that encrypt your data and use a secure server: the website URL should start with 'https' rather than 'http' and a padlock icon should appear next to it," McHugh added.

As there's currently no vaccine or specific treatment for COVID-19, any website that claims to offer a cure or test kit is a scam.

"Don't purchase from these sites or sellers - or give them your personal information." 

For people working remotely, the CertNZ website contains useful tips to keep information secure and information on counterfeight face masks. Further information on scams can be found on the Netsafe website and scam text messages can be reported to 7726.