Thousands of fake Canadian government websites, emails and apps that take advantage of the pandemic to try to mine personal data or steal money have been taken down in the last few months, according to the Canadian Centre for Cyber Security.

The centre leads the federal government’s response to cybersecurity events, defends Ottawa’s cyber assets and provides advice to Canadian industries, businesses and citizens about how to protect themselves online.

Evan Koronewski, a spokesperson for the centre, said over email the fraudulent websites are impersonating the government of Canada to „deliver fake COVID-19 exposure notification applications, designed to install malware on users devices.” Those programs were created to steal personal information or money, Koronewski said.

Since March 15, the centre has helped remove more than 4,000 such fraudulent sites or email addresses, and the work is ongoing, he said. In some cases the sites were pretending to be the Public Health Agency of Canada or the Canada Revenue Agency.

While Koronewski couldn’t say how many Canadians have been taken in by these particular scams, the Canadian Anti-Fraud Centre, a separate federal organization, said between March 6, 2020, and Jan. 10, 2021, there were 8,583 Canadian victims of a wide range of COVID-19 fraud.

Those included everything from people buying fake vaccines and COVID test kits, to identity theft and ransomware attacks. In total, COVID-19 fraud has cost Canadians $7 million, according to the anti-fraud centre’s website.

The government of Canada’s legitimate COVID Alert app launched in July in Ontario before rolling out in other provinces (currently Alberta and British Columbia are the only provinces that haven’t adopted it). Cybersecurity experts say anyone looking to download that COVID Alert app should only do so from trusted app stores.

In general, people need to carefully review the terms and conditions of an app before they install it, said Arash Habibi Lashkari, an assistant professor and research co-ordinator at the University of New Brunswick’s Canadian Institute for Cybersecurity.

People should also consider what systems an app wants permission to access on their phone or computer, and determine if that matches up with what the app is supposed to do. If you download photo editing software, for instance, and it wants access to your telephone contact list, that should raise some red flags, he said.