SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

Checklist 177: The Coronavirus Checklist

Posted on March 12, 2020

This Checklist is all about Covid-19, the severe new form of coronavirus which has recently reached pandemic status. We’ll cover several safety issues related to the virus — both digital and physical — to help you protect yourself online and IRL:

Coronavirus malware, scams, and phishing attacks

During a public crisis, malicious actors tend to prey on people’s fears, and the coronavirus pandemic is no exception to this rule. With Covid-19 spreading, and health officials sounding dire warnings about the seriousness of the disease, scammers and hackers are engaging in some truly vile virus-related scams and attacks.

To begin with, it seems that criminals are setting up fake websites to take advantage of the public’s worry about the disease. The problem appears to be fairly widespread: According to security researchers at Check Point, coronavirus-themed websites are 50% more likely to be malicious than other websites. Thousands of new domains related to the pandemic have been set up since January, and while most of these are legitimate, a disproportionately high number are not. Some of these websites contain good old-fashioned phishing attacks, while others are fraudulent sites offering everything from face masks (which are never delivered) to Covid-19 home test kits and vaccines!

Bad actors are also using email attacks to target those who are hungry for information about the pandemic. In Italy, people have been receiving malicious emails which claim to be from the World Health Organization (WHO) — and which contain an attached file. The email tells the recipient that the attachment has important information about the disease, and that it should be opened immediately. Of course, the file contains no such information: It’s malware. 

Similar scams have been spotted all over the world in recent weeks, with hackers claiming to be from the WHO or Centers for Disease Control (CDC). In some attacks, victims are told that the virus has been detected in their location, and are asked to enter sensitive personal information — things like email passwords or Microsoft Outlook credentials — in order to learn more.

Such scams and attacks are, of course, upsetting — but thankfully they can be avoided by taking some basic precautions.

Be wary of all links to websites, whether that link comes in the form of an email, text message, messenger app message, social media post, or sponsored search result. In general, don’t click on any link that you’re not expecting or that comes from an unknown sender. If you receive something that appears to come from a real organization, double check the email header to verify that the sender is really using the official domain: example@cdc.gov is likely legitimate, but example@cdc-gov.info is definitely not! 
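The sender-domain check described above can be automated for a mailbox or a help desk queue. The following is an added example, not part of the original show notes: it classifies the From and Reply-To domains of a message against an assumed allowlist (`cdc.gov`, `who.int`) and flags lookalikes such as the `cdc-gov.info` address mentioned above. The From header itself can be forged, so an "official" result only means "not obviously fake", which matches the "likely legitimate" wording above.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organizations' genuine mail domains, as an allowlist.
OFFICIAL_DOMAINS = ("cdc.gov", "who.int")

def header_domain(value):
    """Lowercased domain of the address in a From/Reply-To header, or ''."""
    _, addr = parseaddr(value or "")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")

def classify_domain(domain):
    """'official', 'lookalike', 'unrelated' or 'missing' for one domain."""
    if not domain:
        return "missing"
    # Exact match or a true subdomain (note the leading dot in the suffix test).
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Official name embedded elsewhere: cdc-gov.info, cdc.gov.example.com, notcdc.gov
    if any(d in domain or d.replace(".", "-") in domain for d in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unrelated"

def check_message(raw):
    """Classify From and Reply-To; anything not 'official' is suspicious."""
    msg = message_from_string(raw)
    result = {"from": classify_domain(header_domain(msg.get("From")))}
    if msg.get("Reply-To"):
        result["reply_to"] = classify_domain(header_domain(msg.get("Reply-To")))
    result["suspicious"] = any(v != "official" for v in result.values())
    return result

# Constructed sample messages (not real mail).
GENUINE = "From: CDC <example@cdc.gov>\nSubject: Update\n\nbody\n"
LOOKALIKE = "From: CDC Alerts <example@cdc-gov.info>\nSubject: Urgent\n\nbody\n"
REPLY_TRAP = ("From: WHO <example@who.int>\n"
              "Reply-To: help@who.int.example.net\nSubject: Info\n\nbody\n")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("reply-to trap", REPLY_TRAP)]:
        print(name, check_message(raw))
```

The third sample shows why Reply-To is checked as well: the visible sender is official, but any reply would go to a lookalike domain.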

In addition, use a bit of common sense when evaluating an email or link. If someone is offering you a “cure” for the Covid-19 virus, you know it’s not real. And if the WHO or CDC had urgent information for the public, they would simply make it public — and they certainly wouldn’t require your email password or MS Outlook login to access it.

When buying anything online, be careful. Ideally, you should only buy from vendors you know and trust. If you’re considering an online merchant that you’ve never bought from before, do a little research before making any purchases. Check out their customer reviews if you found them through a large platform like Amazon or Facebook. If you’re dealing with a standalone web store, take a look at the WHOIS data for their domain using a lookup tool — this can give you a bit of information about the site owner, and let you know how long the website has been in existence. If it was just set up a week or two ago to capitalize on the pandemic, it might be legit — but there’s a higher than average probability that it isn’t. If possible, go buy what you’re trying to buy from a well-established seller.

Lastly, remember that while these kinds of phishing attacks and scams may not fool you, they may seem convincing to people who are less technically adept. If you have a friend, coworker, or relative who struggles a bit with digital security, take a moment to sit down with them and talk it over (ideally keeping a minimum distance of one meter between you!). Let them know that these scams are out there, and tell them what steps they should take to keep themselves safe.

Keeping your iThings clean

We’re all washing our hands more frequently these days. But what about the things that those hands touch all day long: mobile devices, wearables, and peripherals? Since these electronic devices can harbor germs too, many people are eager to clean them — but without damaging their equipment. Luckily, Apple has just released a revised set of guidelines to help users safely clean their AirPods, Apple Watches, iPads, and iPhones. We’ll take you through these in what follows:

AirPods (and their cases)

You have to be a little more careful with the actual AirPods than with their charging cases. Don’t run your AirPods under water or try to clean them with sharp objects, and limit your cleaning to wiping them down with a dry, lint-free cloth.

The charging cases are a bit more rugged, and can stand up to a chemical disinfectant — which is a good thing, since they’re more likely to come into contact with germs than the actual AirPods! Apple says that it’s OK to clean AirPod cases by first wetting a lint-free cloth with a bit of isopropyl alcohol, and then gently wiping them down.

Apple Watches

Next up, Apple Watches. Apple’s advice for cleaning these is fairly conservative. You need to turn off the Apple Watch and disconnect it from any charger before you clean it, and should make sure to clean the watch band separately. 

A damp cloth is acceptable for cleaning the watch itself, and if you have a newer, waterproof version of the Apple Watch, you can even put it under running water for a few seconds.

iPads and iPhones

This is where we see the biggest change in Apple’s guidance for device care, which is pretty obviously a response to the ongoing coronavirus crisis. 

Apple now says it’s OK to wipe down hard, non-porous exterior surfaces of a device with a Clorox Disinfecting Wipe or a 70% isopropyl alcohol wipe. This would apply to things like displays and keyboards, but not to leather or fabric surfaces. Apple notes that it’s important to avoid getting moisture in any of your device’s openings when you clean it. In addition, while a Clorox wipe is OK, you should never use actual bleach as a disinfectant, nor should you use any kind of compressed air cleaner.

The company had previously recommended against disinfecting wipes, due to their tendency to damage screen coatings with repeated use. It’s not clear that anything has changed with respect to the long-term effects of such chemical wipes, so perhaps this is just a case of desperate times calling for desperate measures.

It’s nice that we all have a bit more latitude now when it comes to cleaning our iPhones and iPads, but frankly, disinfecting mobile devices is probably of most relevance to people who work in busy offices or public places, or people who need to share devices with others. Of course, the best protection against germs is still to follow the guidelines laid out by medical professionals: wash your hands properly and often, avoid touching your face, and work from home if possible.

That takes us to the end of this week’s Checklist, but we’ll be back with more news, updates, commentary, and tips next week. In the meantime, take a moment to explore our archives at SecureMac.com/Checklist — every past podcast is available for listening or downloading, and each podcast has a complete set of show notes if you’d prefer to read those instead. And as always, feel free to write to us with your questions and suggestions at Checklist@SecureMac.com
