Scamdemic: How fraudsters exploit fears during the pandemic Phishing scams via messaging apps have become even more common during the pandemic. Heed this advice before you click on any dodgy links.

In the past two years, how many unsolicited messages have you received asking you to donate to a COVID-related charity effort, or purchase a health product that promises to “boost” your immunity against the coronavirus?

Some scammers have even gone so far as to impersonate government officials, posing as health staff carrying out contact tracing in order to coax out highly sensitive information from unsuspecting individuals.

These are just some of the slick new methods scammers have been using to phish personal and confidential information — such as bank details and health records — from the public.

Lockdowns and the lack of contact with family and friends has also given rise to muddled emotions and a sense of isolation, which can make rational thought more difficult.

And these are prime conditions for a potential scammer.

Cyber Security Brunei (CSB), a national agency that monitors online security threats, said online fraud has increased dramatically during the course of the pandemic.

Scammers – both local and overseas – have been following news coming out of Brunei closely in order to craft their schemes in relation to these “storylines”.

These are some of the top scams seen in Brunei, according to CSB:

1. The Post Office scam

The pandemic has seen a huge spike in online transactions as more people choose to stay at home and shop online. 

Scammers have been quick to target online shoppers, sending out an SMS seemingly from “Brunei Post”, informing the recipient that their package has been “relocated” to a post office branch due to unpaid postage fees.

The message typically include a shortened link which will redirect the user to a fake website such as post-bn.com or https://express-bruneipost.online/BN76533523 where they will be asked to enter their full name and credit card details.

Goes without saying, but don’t click on any links in the message, and definitely don’t provide any sensitive financial information such as your account or credit card details. 

You should also watch out for variations of this scam, where scammers pose as representatives from courier companies.

2. The fake COVID-19 relief fund

This particular scam made the rounds on WhatsApp message, asking people to donate to the government COVID-19 relief fund via a malicious link.

Clicking on the link would redirect the user to a malicious website which requested the user’s personal information and bank details in order to donate the money. It would also ask the user to forward the link to up to 15 WhatsApp contacts and chat groups. 

While the user was entering their details, the website ran malicious software in the background in order to steal their personal information and credentials.

A variation of this scam was also spread via email.

Be incredibly wary of messages claiming to be from government or financial institutions. A reputable financial institution will never ask for sensitive information such as login details over email or communication channels such as WhatsApp. 

If in doubt, always verify with the respective organsiation.

3. Fake online sellers

During the Delta and Omicron-fueled waves, scammers preyed on public anxiety.

Health and disinfection products became in short supply, with fake online sellers advertising pre-orders for items such as COVID test kits, special face masks, and home disinfection equipment.

Some of these “sellers” would ask for full payment or a 50 percent deposit up front. However, after weeks of waiting, customers failed to receive their promised item.

Scammers often pretend to be legitimate online sellers using fake websites or apps to steal your personal information. Only buy from known or trusted sellers and read reviews to attest to a company’s reliability.

Take screenshots and save evidence such as conversations and their contact number or email.

4. Impersonating health officials to phish for data

During the Omicron surge earlier this year, the Ministry of Health warned the public of a new scam involving phone calls from randomised numbers, with the callers posing as MoH personnel. 

These scammers wouldt tell individuals that they had been identified as a close contact of a COVID-positive person, then instruct them to call a “Press 1” to verify their personal information.

Always be extra cautious when answering phone calls from international numbers, and never give out personal or financial information over the phone. 

If you do pick up a suspicious call, get the caller’s details, then hang up immediately! Call the government agency they claim to represent on their official business line in order to validate the call. 

Follow these steps to protect yourself from phishing

1. Be skeptical of forwarded messages. Do not forward any messages if you are unsure of its legitimacy.

2. Verify the source of messages or emails by contacting the organisation that it claims to be from.

3. Ignore or delete any suspicious emails or messages immediately.

4. If a call seems suspicious, report it to the respective organisation. If a threat is involved, report it to the police.

5. Do not give out personal or confidential information to anyone you are not familiar with.

6. Do not respond to requests without proper verification.

7. Do not click on links or download attachments from unknown senders, whether through email, SMS, or social media DMs.

8. Update your device’s operating system and software to protect against known security issues.

9. Install antivirus/anti-malware and set it to update automatically.

10. Keep yourself updated with official information on COVID-19.

11. Filter your social media followers and keep your profile private.