The panic caused by novel coronavirus disease (COVID-19) pandemic is being exploited by threat actors for phishing and data exfiltration, and malware distribution.
The massive increase of remote workers, many of whom apply poor security measures on their computing devices, have opened new avenues for exploitation.
Opportunistic fraudsters distribute misinformation and fake safety advice, often with malware, request personal data for providing allegedly up-to-date information on COVID-19, or try to convince people to perform financial transactions, particularly through purchasing bogus products (fake cures).
One purported COVID-19 alert, seemingly sent by the WHO, is actually a spam that distributes a new variant of the HawkEye keylogging malware.
As INTERPOL warned about financial fraud linked to COVID-19, “criminals are exploiting the fear and uncertainty created by COVID-19 to prey on innocent citizens who are only looking to protect their health and that of their loved ones”.
The list of cyberthreat types associated with coronavirus includes a wide range of fake products and scams, from bogus Starbucks gift cards to vacation scams, and from bogus property rentals to mobile apps, such as CovidLock, which seemingly serves the purpose of tracking the spreading of the coronavirus, but is actually an Android ransomware.
ZDNET reported that thousands of COVID-19 scam and malware sites have been created. This is already evidenced by legal actions, such as the restraining order of the US Federal Court against a website offering fraudulent coronavirus vaccine, however, many of such websites are live and their number is still on the rise.
In Australia, Scamwatch of the Australian Competition and Consumer Commission (ACCC) received reports of COVID-19-themed scam texts sent to members of the public.
Telstra warned people about fake SMS messages sent on COVID-19 testing, and reported scammers providing fake phone support by pretending to be a staff member of Telstra, NBN, or Microsoft. 9News reported flight cancellation scams, while Moneysmart of the Australian Government warns about superannuation scams. In New Zealand, the Financial Markets Authority (FMA) reported investment scams related to goods in great demand, such as sanitary products.
Fake coronavirus maps are emerging, along with text message scams and phishing emails claiming to have updated COVID-19 information.
These scams are emerging around the world.
In China, online scammers taking advantage of the community fears created a shortage of face masks, while a social engineering attack has been impersonating the Mongolian Ministry of Foreign Affairs in the form of press briefings. In Hong Kong, the police force issued a scam alert due to phone scammers posing as government officials telling “anomalies” in their health, only to try them divulge their bank details.
A scam recently appeared in South Africa about the Reserve Bank allegedly collecting “contaminated” banknotes and coins. The European Commission was put on high alert when rogue traders started advertising and selling products, such as hand sanitisers to consumers.
In the US, government-issued relief fund (stimulus package) emails have been circulated, asking for personal information, and scammers try to trick people into reserving a COVID-19 vaccine over the phone. Other types of cyberthreats include fake fundraising and scammers impersonating the WHO for donations, and COVID-19 testing kit scams. According to YouMail, Americans receive 1M+ robocalls daily, some of which offer non-existing at-home coronavirus testing products.
In Canada, scam sites selling cleaning products to “super-clean your house or office” appeared along with, according to the Canadian Anti-Fraud Centre, “special” air filters to protect from COVID-19; fake lists of COVID-19-infected people in the vicinity, seemingly from the Centers for Disease Control and Prevention; and fraudsters posing as agents of the Public Health Agency of Canada, tricking victims into confirming health card and credit card numbers for a prescription.
The variety of cyberthreats related to COVID-19 makes it necessary to be sceptical and vigilant, and never click on suspicious links or open suspicious attachments. Having security protection (antivirus, firewall, frequent updates, multi-factor authentication, regular backups, using company VPN, etc.) for computing devices is fundamental, but users must also remain alert.
Users should look carefully to spot signs of scam such as wrong addresses, misspelled domains, and misleading URL names. Even if an email appears to be sent by a legitimate organisation, such as the government or the WHO, keep in mind that logos and branding can be faked, and email headers spoofed.
Requesting a payment related to COVID-19 via Bitcoin is always a red flag. Missing the appropriate license required for providing a financial service, whether banking, superannuation, or investment, can indicate fraud, which can be prevented by looking up the relevant government website, such as the ASIC website, and search for the company in question.
Taking tough security measures to fight cybercrime related to the novel coronavirus pandemic is particularly important, considering its global presence and potential impact, and the exponentially increased number of people working from home in these hard times.
Dr Leslie Sikos is a lecturer in computing and security in the School of Science, and a researcher at the Institute for Securing Digital Futures and at CyberCRC
This article was first published in Cyber Risk Leaders Magazine.
Please leave a comment about your rating so we can better understand how we might improve the page.