About a month ago, we reported a rise in COVID-19 themed email scams that were infiltrating inboxes worldwide. These included emails impersonating the World Health Organization, through to those selling face masks at unbelievable prices.
Fast forward to now, and scams exploiting the virus have exploded in frequency, intensity and variety. Preying upon a global population anxious for safety and reassurance, they have pervaded every aspect of daily life – exploiting the way we live, work and everything that comes in between.
The scam explosion
Google says it intercepts 18 million COVID-19 scams and phishing emails every single day. Consumer complaints in the United States related to COVID-19 doubled in a single week to 7,800, according to the American Federal Trade Commission. The top categories of COVID-19-related fraud complaints included travel and vacation related reports about cancellations and refunds, reports about problems with online shopping, mobile texting scams, and government and business imposter scams. In fraud complaints that mentioned COVID-19, consumers reported losing a total of $4.77 million, with a reported median loss of $598.
The Australian Cyber Security Centre (ACSC) issued an alert this week on the vast increase in cyber scams related to the virus, saying there has been a “significant increase in Australians being targeted with COVID-19 themed scams, fraud attempts and deceptive email schemes”. Since 10th of March, the ACSC received more than 95 cybercrime reports – two per day – about Australians losing money or personal information due to a COVID-19 themed scam or online fraud. In this time, the ACSC also responded to 20 cyber security incidents impacting important COVID-19 response services or major national suppliers. In addition, they disrupted more than 150 malicious COVID-19-themed websites, with assistance from Google and Microsoft.
Similarly, the UK’s National Cyber Security Centre (NCSC) announced earlier this week that it had taken down more than 2,000 COVID-19 related scams in a single month. The swindles included: 471 stores selling fraudulent Coronavirus related items, 555 websites trying to launch malware on visitors, 200 phishing sites seeking personal information such as passwords or credit card details, and 832 “advance-fee frauds” where victims are duped into handing over a “set-up” payment in the belief they’ll get a large sum in return. The Guardian reports that more than 700 fake websites mimicking Netflix and Disney+ signup pages have been created seeking to harvest personal information from consumers during the Coronavirus lockdown streaming boom.
By targeting different demographics and multiple industries across the world, these scams are causing widespread suffering – with some even inflicting physical harm and damaging property.
A recently reported cyber-attack on one of the Czech Republic’s largest COVID-19 testing laboratories is a perfect example; the attack was severe enough to cause a complete shutdown of the hospital’s IT network, urgent surgical procedures had to be postponed, and patients were shifted to a nearby hospital. The National Fraud Intelligence Bureau (NFIB) reported a case involving criminals asking for donations to help fight COVID-19. Intelligence analysts have also monitored a rapid escalation in criminal gangs using a range of scams, many of them targeting elderly people who are self-isolating.
There was also a warning by Europol, the EU's Den Haag-based police authority, that cautioned citizens of an increase in thefts and home break-ins. As a result of the self-isolation regime brought on by COVID-19, many businesses and medical facilities are either abandoned or poorly protected, and criminals are increasingly attempting to break into private homes. Europol said criminals often pose as civil servants or paramedics, pretending they need to administer Coronavirus tests or monitor presence in a house in order to make their way into a person's home before creating a diversion, allowing them to rob unsuspecting individuals.
Fake jobs, fake announcements
We know that this isn’t anything new, and that global events like these have always been a hotbed for scams and cybercrime. But the past month has been a painful reminder of the lengths criminals can go to in exploiting them. As we adjust to the new norms and challenges brought on by the virus, scammers, too, are fine-tuning their attacks in accordance to these disruptions.
For example, the surge in layoffs following the closure of non-essential businesses have made more people suitable targets for scammers. These criminals know that people are desperately looking for jobs and ways to sustain their income – and aren’t hesitating in taking advantage of that desperation. In Canada, an emerging swindle involves criminals posing as recruiters or human relations staff when they “phish” for sensitive data. These scammers pretend to be representatives of essential services that are still open. Loblaws, Shoppers Drug Mart and No Frills issued alerts on their respective Facebook pages regarding scammers who were asking job seekers for personal information and even payment.
Scammers aren’t even sparing government authorities. ABC reports that COVID-19 related scams are replicating government announcements within hours, while Scamwatch warned that cybercriminals are pretending to be government agencies and other entities offering to help with applications for financial assistance or subsidy benefits, as per the below example:
At MailGuard, we intercepted a series of malicious emails that similarly attempt to manipulate users suffering from financial turmoil and difficulties triggered by the pandemic by pretending to offer them a “COVID-19 relief payment”.
As more businesses shift their operations to a remote work model in the midst of the COVID-19 lockdown, security experts have also predicted a 30-40% hike in cyberattacks due to increased remote working. Cybercriminals are taking advantage of the increased dependency on less secure personal devices (e.g. WhatsApp), private networks, and 3rd party apps to exploit more vulnerabilities.
Telstra reported that cybercriminals are targeting staff ordered to work from home amid the COVID-19 pandemic, with convincing phishing emails that even reference the victim’s workplace. Popular video conferencing app Zoom also came under fire this month, as widespread reports of “Zoombombing” surfaced – with everything from violent videos to pornographic content shown on company calls. For instance, the New York Times reported that Chipotle’s public event on Zoom had to be shut down because adult content was being illegally broadcasted to hundreds of attendees. As examples of how cybercriminals are exploiting these digital disruptions to routine business operations, we also intercepted a phishing email notifying employees about a new “Outlook Web App” and one simply titled “IT COVID-19 update”.
Collaboration and proactive measures are key
The above list of COVID-19 themed scams isn’t comprehensive, and there are many more examples of such scams. The overwhelming scope of the pandemic has upended several aspects of our daily life, giving scammers the opportunity to exploit any vulnerability possible. The FBI has recently warned that these scams will continue to rise and that consumers and businesses should be on the constant lookout for anything suspicious. While this is wise counsel, it is sad that today’s scams indicate that even acts of humanity like someone asking for donations, could turn ugly, especially amid an environment already full of suffering and fear.
At MailGuard, we firmly believe that a collaborative approach can help mitigate the risks of these scams. We recommend that you report any scam that you see or hear to the relevant authorities. Let this also be a good opportunity to re-evaluate your business’ cyber readiness and take proactive measures to help your teams become more cyber resilient. If you need more support in protecting your business from cybercrime, feel free to reach out to us at firstname.lastname@example.org.
For scammers, COVID-19 is a lucrative opportunity, and they will go to any lengths to exploit it before moving onto the next big opportunity. Let’s continue being vigilant and help each other stay safe.