Here we are at the one-month mark, when life as we know it really started to change. Yes, check your calendar again. Just. One. Month.

Things were different. You could go to the store and find most of what was on your shopping list. (I know, disinfecting wipes are sold out everywhere. You should make your own!) And we just had run-of-the-mill phishing texts or sextortion emails. Robocalls pretended to be IRS agents wanting us to pay them with iTunes gift cards. How quaint.

In 2019, only 190 domains were registered using the words “corona” and “covid.” In January of 2020, that number was more than 1,400. In February, it soared past 5,000 before topping 38,000 in March.

Now even the scams have been taken over by the coronavirus pandemic — hoaxes, conspiracy theories and fake news are virus-related. What’s typical now are scammers trying to sell you testing kits and miracle vaccines, along with hoaxes about national shutdowns and martial law. But this one is vile.

Blood, saliva and the dark web

It sounds like Stephen King’s next bestseller or a new Quentin Tarantino film. But no, this is one of the latest, and most disgusting, scams that’s made its way online.

An ad was posted on a dark web market called Own Shop, detailed by Vice. The seller behind this ad claims he’s been previously infected by COVID-19, and now he’s decided to sell his own blood as plasma therapy and saliva that’s apparently “immune” to the virus.

You know, a real hero who’s just looking to sell his bodily fluids on the dark web for a mere $1,000. Obviously, it’s a hoax. It’s part of a massive surge of COVID-19-related scams on deep and dark web markets where criminals exploit fear by offering what no one else has, like temperature detectors and tools to protect yourself from the virus.

Pro tip: Don’t go hanging around the dark web. And certainly don’t buy the first listing for blood and saliva you see. Shop around first. Oh, and be sure to read the reviews.

Ridiculous stimulus sinfulness

Most Americans are in line to get stimulus funds, which could start arriving via direct deposit as early as this coming week.

The IRS is handling the process, which means your stimulus check is directly tied to your 2018 or 2019 tax return. Let me be very clear: You’ll still qualify even if you owe a bill. No doubt quite a few people aren’t aware of that, which is exactly what scammers are banking on .

In Greeley, Colorado, roughly 50 miles north of Denver, police are receiving reports of scammers telling taxpayers that they won’t get their stimulus checks until they pay off outstanding tax bills. Not to worry, though. These do-gooders make it easy. You can clear the debt by sending money via PayPal. Or you know, pay with gift cards, which is always a legit option.

In another variation of this scam, some have even reported getting fake checks in the mail with instructions to pay a processing fee for faster access to funds. Again, these “fees” are advised to be paid via gift cards or payment services.

Even if you don’t catch one of those initial red flags, here’s a good thing to remember: The IRS will never ask you to pay with anything other than a check or through their own payment system. And if you recently received a check in the mail that looks like it, again, real stimulus payments haven’t even started yet.

PSA Opportunity

There are quite a few other scams dealing with the coronavirus stimulus relief funds. Here’s everything you need to know about them. Share that PSA link with your family and friends on Facebook who are susceptible to such offers. Just say something like, “I almost fell for these clever scams and want to make sure you don’t.” I’ll keep your secret.

Feel like being tracked?

Apple and Google have teamed up to develop technology that will alert you, using your smartphone, if you have come into contact with anyone infected with coronavirus. They say this “Contact Tracing” is voluntary.

Voluntary or not, someone is building a vast database of who’s had the virus, who hasn’t and who is contagious right now. The Goggle-Apple plan is to turn all smartphones into coronavirus tracking devices. Think about that for just a second. There are more than 105 million iPhone users in the U.S. and roughly 125 million Americans who own an Android, according to Statista.

Third-party apps will do the tracking and communicate between Apple’s iPhones and Google’s Android software, which powers all the other smartphone brands. Are there privacy concerns here? You bet. But both companies emphasize that participation will be both anonymous and voluntary.

Remember those words: “Anonymous and voluntary…”

Let’s take a break from coronavirus and talk about smartphone security. I read an interesting study the other day about fingerprint authentication and how reliable it really is to keep your devices secure. Turns out, it’s really not all that foolproof.

The research was conducted by Paul Rascagneres and Vitor Ventura from Cisco’s Talos security group. These guys spent $2,000 over the past few months testing fingerprint authentication tech from Apple, Microsoft, Samsung and others.

Before getting started, researchers created 50 fingerprint molds. Below are the devices that weren’t fooled by the fakes:

• Lenovo Yoga laptop
  
• HP Pavilion X360 laptop
  
• Lexar JumpDrive F35 USB flash drive
  
• Verbatim Fingerprint Secure drive
  

Notice anything missing from the list of successes above? There aren’t any smartphones. To be fair, the Samsung A70 wouldn’t unlock using the fake fingerprints, but it hardly worked with real fingerprints, either. Now for the devices researchers were able to crack more than 90% of the time:

• Apple iPhone 8
  
• MacBook Pro 2018
  
• Samsung Galaxy S10
  

And the winner for the device most susceptible to fake fingerprints was (drumroll, please): The Samsung Galaxy Note 9, which was successfully bypassed 100% of the time. This is the second major award like this for a Note smartphone. You might remember a few years ago that the Note 7 was the smartphone most susceptible to catching fire and exploding. Yikes!

Back to this study, the overall result is that, on average, these fake fingerprints could successfully bypass fingerprint sensors about 80% of the time across all devices tested, some of which we didn’t list. See all the results here. 

So does this mean your phone, laptop or other device with fingerprint security isn’t secure? No, it doesn’t. The tech isn’t perfect, but it’s still a far safer alternative than passwords and passcodes.

Keep in mind, these were painstakingly detailed tests using 3D-printed molds, too. You would probably have to be in possession of some pretty big state secrets for anyone (like nation-state attackers) to go to that much trouble to break into your phone or computer through a fingerprint reader.

Besides, if you have a newer iPhone, fingerprint readers aren’t even a thing anymore. Just keep using Face ID.

Speaking of Apple

In case you haven’t heard, the latest iOS update 13.4.1 for iPhone and iPad had a slew of issues. We’ve got the details on our site.

Doesn’t the old Hollywood Squares game show look like a video call? In any other situation, I’d be blown away by Zoom's recent increase in daily active users (10 million in December to 200 million in March). Really, though, that’s no big surprise. 

Video calls have quickly shifted to necessity. And all those new users have brought criminals out of the woodwork to shine a very bright light on previously hidden security issues. I’ll walk you through a few and what you can do about them.

Sharing is not caring

Let’s start with a core feature — meeting codes. It’s easy to create and share a meeting link — a little too easy. Zoombombing is when someone with not-so-nice intentions joins a public call to cause chaos. Sometimes it’s relatively harmless, and other times it’s downright horrifying. Read a couple of the horror stories if you’re curious.

To keep your Zoom meetings safe:

• Consider your meeting links private and only share them with people who will attend.
  
• Instruct participants specifically not to share the links with anyone else.
  
• Avoid posting the link on unsecured channels like social media or a website.
  
• Treat anything you post like it’s public. Don’t share personally identifying information or photos during meetings or with other participants.
  

Next, take a minute to adjust these settings on all your calls.

Screen sharing: Click Settings on the left-hand side of the Zoom’s site and scroll down to Screen sharing. Switch the toggle to the left to disable the feature, which will block participants from sharing content on their screens. The toggle will go from blue to gray when it’s disabled.

File sharing: While in Settings, scroll down to the section labeled File transfer. Switch the toggle to the left on Hosts and participants can send files through the in-meeting chat. The toggle will go from blue to gray when it’s disabled.

Yay! Waiting rooms: Zoom now automatically enables waiting rooms by default. This means you have to allow people into your call manually. Double-check this setting is enabled. Open the Settings tab and click on the In Meeting (Advanced) option. Toggle on Waiting Room.

Now you can Zoom in peace. 

Use a different video chat client?

We’ve got tips on the security settings you should enable for all the top contenders, including Skype, Google Meet and GoToMeeting. 

This stunning graphic, from the /DataIsBeautiful sub-Reddit, shows coronavirus deaths compared to other epidemics, since 2000, from the day of the first death. Watch the entire thing, from creator harry29ford, here. (Remember, this is Reddit so you should probably skip the comments.)