Outbreak-Related Phishing Scams on the Rise

A picture of a SARS-CoV-2 virion with

In March of 2020, the United States Secret Service issued an alert regarding COVID-19 (Coronavirus) phishing scams.  The respiratory disease—which was officially declared a pandemic by the World Health Organization—has become a global emergency since emerging out of Wuhan, China.  Since the outbreak began, cybercriminals have been using public fear to fuel a growing variety of scams.

One of the more prominent scams addressed in the alert is the growing “phishing” scam.  Phishing is a type of fraud designed to fool internet or phone users into revealing personal information.  Criminals are using the high levels of public anxiety and confusion to push mass emails that claim to represent health organizations.

If the intended victim (you) opens an email attachment, or if you click a link within one of these malicious emails, the attacker can use malware to infect your device.  The malicious software may then harvest login credentials, financial data, or other secret information.

Enterprises and Teleworkers Need to be Vigilant

This growing wave of phishing attacks comes at an especially bad time for internet users.  The highly-infectious nature of the disease has forced employers and consumers to depend on electronic communications and e-Commerce even more than usual.

In short, the outbreak has created a surge in teleworking and telemedicine.  These conditions greatly increase the severity of attacks such as Business Email Compromise (BEC), ransomware, account takeovers and other major financial crimes that target digital enterprises.

Consequentially, authorities expect even more phishing attempts than in recent years.

According to the U.S. Federal Trade Commission, scammers are already using illegal robocalls to pitch work-at-home schemes and fake emails promising disaster relief checks from the government.

Natural Disaster Scams are Exploiting Good Will

The U.S. Secret Service also warns of scams exploiting the charitable nature of people.  Here, criminals are using legitimate social media platforms to seek donations: claiming that the money will be spent on pandemic relief efforts.

This activity represents the latest type of natural disaster scam, where criminals lure well-meaning but uncritical victims who may render payment without researching the supposed charity first.  To avoid this type of scam, the U.S. Postal Inspection Service recommends you take these six precautions:

  1. Be aware of charity scams.  Only contribute to established organizations.
  2. Don’t click links in emails
  3. As of March 2020, there is no cure or vaccine.  Beware any offers of products claiming to cure or treat the COVID-19 disease.
  4. Don’t Give out Financial Information to anyone you don’t know.
  5. Resist Pressure Tactics.  Don’t be pressured into making hasty decisions.
  6. Know Who you Can Trust.  Consult with a trusted friend or family member before even considering a payment.

When in doubt, simply don’t pay or give away any information.  Always independently verify that any request has originated from a legitimate source.

What’s Being Done About It?

U.S. Attorney General William Barr has asked federal prosecutors around the country to make investigating coronavirus scams a top priority.

In a March 2020 press release, the Office of the Attorney General urged the public to report suspected fraud schemes related to the COVID-19 outbreak by calling the National Center for Disaster Fraud (NCDF) hotline; or by emailing the NCDF.

Simple Ways to Protect Yourself

Having the ability to report problems is good, but the best strategy is obviously to avoid being scammed in the first place.  To avoid falling victim to phishing scams in general, the U.S. Department of Homeland Security has offered these pieces of advice when dealing with electronic messages:

1.  “Don’t just click on links.”  Instead, inspect the link first to check where it is truly directed.  Or better yet, avoid clicking the link altogether.

2.  Be careful about attachments.  And if you don’t know where the message came from, don’t open the attachment at all.

3.  Be careful with your information.  Be suspicious of messages that want your personal information, your banking information, or something similar.

References

[1] United States Secret Service, “Secret Service Issues COVID-19 (Coronavirus) Phishing Alert,” United States Department of Homeland Security, Washington, D.C., 2020.
[2] World Health Organization, “Virtual press conference on COVID-19 – 11 March 2020,” World Health Organization, Geneva, Switzerland , 2020.
[3] B. McKay, J. Calfas and T. Ansari, “Coronavirus declared pandemic by World Health Organization,” The Wall Street Journal, 11 March 2020.
[4] B. Chappell, “Coronavirus: COVID-19 Is now officially a pandemic, WHO says,” NPR Illinois, 11 March 2020.
[5] X. Tang, C. Wu, X. Li and et. al., “On the origin and continuing evolution of SARS-CoV-2,” National Science Review, Vols. Advance Article – Sep 9, 8, 2020.
[6] K. Andersen, A. Rambaut, W. Lipkin and et. al., “The proximal origin of SARS-CoV-2,” Nature Medicine, Vols. OnlineFirst – Mar 17, 2020, pp. 1-3, 2020.
[7] P. Zhou, X.-L. Yang, X.-G. Wang and et. al., “A pneumonia outbreak associated with a new coronavirus of probable bat origin,” Nature, vol. 579, pp. 270-273, 2020.
[8] F. Wu, S. Zhao, B. Yu and et. al., “A new coronavirus associated with human respiratory disease in China,” Nature, vol. 579, pp. 265-269, 2020.
[9] B. Mayes, “Protect Yourself for Cybersecurity Awareness Month,” Voxidyne Media, 13 Oct. 2019. [Online]. Available: https://unboxing-tomorrow.com/protect-yourself-for-cybersecurity-awareness-month/. [Accessed 22 Mar. 2020].
[10] U.S. Federal Trade Commission, “Coronavirus Scams: What the FTC is doing,” U.S. Federal Trade Commission, [Online]. Available: https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing. [Accessed 22 Mar. 2020].
[11] U.S. Postal Inspection Service, “Coronavirus Related Scams,” U.S. Postal Inspection Service, 17 Mar. 2020. [Online]. Available: https://www.uspis.gov/news/scam-article/coronavirus/. [Accessed 22 Mar. 2020].
[12] Office of the Attorney General, “Attorney General William P. Barr Urges American Public to Report COVID-19 Fraud,” U.S. Department of Justice, Office of Public Affairs, Washington, D.C., 2020.
[13] D. Shortell, “Attorney General Barr: Prioritize investigations of fraudsters exploiting coronavirus pandemic,” CNN, 17 Mar. 2020.
[14] M. Kosnar and R. Shabad, “Barr issues memo to U.S. attorneys outlining DOJ priorities amid the outbreak,” NBC News, 17 Mar. 2020.
[15] J. Dunleavy, “Barr instructs federal prosecutors to prioritize investigations of coronavirus scammers and hackers,” Washington Examiner, 16 Mar. 2020.
[16] United States Department of Homeland Security, “Cyber Tip: Become Cyber Savvy…Protect Against Phishing Attacks,” United States Department of Homeland Security, [Online]. Available: https://www.dhs.gov/science-and-technology/cyber-tip-become-cyber-savvyprotect-against-phishing-attacks#.

Important Notice: This article and its contents (the “Information”) belong to Unboxing-tomorrow.com and Voxidyne Media LLC. No license is granted for the use of it other than for information purposes. No license of any intellectual property rights is granted.  The Information is subject to change without notice. The Information supplied is believed to be accurate, but Voxidyne Media LLC assumes no responsibility for its accuracy or completeness, any error in or omission from it or for any use made of it.  Liability for loss or damage resulting from any reliance on the Information or use of it (including liability resulting from negligence or where Voxidyne Media LLC was aware of the possibility of such loss or damage arising) is excluded.