The ingenuity of fraudsters never ceases to amaze me.  Since the start of the pandemic, the number of frauds related to the Covid-19 virus has escalated, with the first Covid-19-related fraud reported in early February.  Losses to the fraud have already exceeded the million-dollar mark and are escalating as fear spreads through the community.

Some cybercriminals clearly think that all their Christmases have come at once:

  • An anxious population
  • Vulnerable people at the highest risk
  • Excessive demand for products that has led to acute shortages
  • Masses of misinformation sloshing around the social media networks

This all equates to a massive opportunity for scammers to explore new avenues to exploit people.

Types of Scam

The majority are related to online shopping scams, where people have ordered protective products such as face masks, hand sanitizer, toilet paper and other products, which have never arrived.  Price gouging of these products has also occurred online, with Lysol wipes sold at more than 5 times the shop price by unscrupulous vendors.

There are a number of emails circulating claiming to be from legitimate organizations, asking for money to help fight the epidemic.  This can range from funds needed to find a cure, to the purchase of ventilators and other medical equipment for countries in need.

Action Fraud has also received over 200 reports of coronavirus-themed phishing emails.

These attempt to trick people into opening malicious attachments which could lead to fraudsters stealing people’s personal information, email logins and passwords, and banking details.

Tactics used

Some of the tactics being used in phishing emails include:

  • Fraudsters pretending to be from a research group that mimics the Centre for Disease Control and Prevention (CDC) and World Health Organisation (WHO). They claim to provide the victim with a list of active infections in their area, but to access this information the victim needs to either: click on a link which redirects them to a credential-stealing page; or make a donation of support in the form of a payment into a bitcoin account;
  • Fraudsters providing articles about the virus outbreak with a link to a fake company website where victims are encouraged to click to subscribe to a daily newsletter for further updates;
  • Fraudsters sending investment scheme and trading advice encouraging people to take advantage of the coronavirus downturn; and
  • Fraudsters pretending to be from the Canada Revenue Agency offering a tax refund and directing victims to a fake website to harvest their personal and financial details. The emails often display the CRA logo making it look reasonably genuine and convincing.

Be Careful

“These frauds try to lure you in with offers that look too good to be true, such as high return investments and ‘healthcare opportunities’, or appeals for you to support those who are ill or bogus charities,” Graeme Biggar, director-general of the National Economic Crime Centre, said.

“The advice is simple, think very carefully before you hand over your money, and don’t give out your personal details unless you are sure who you are dealing with.

“We are working together across law enforcement, government and the private sector to combat this criminal activity and protect the public. If you think you have been a victim please report to Action Fraud.”

Tom Selby, a senior analyst at AJ Bell, said: “While the country hunkers down in the hope of slowing the spread of coronavirus, the economic fallout will inevitably lead to an increase in the number of vulnerable or potentially vulnerable people in the UK.

“In such an environment, unscrupulous scammers will already be plotting ways to take advantage during what for many will be a time of serious financial strain.

“Scams claiming to allow people early access to their retirement pots could come back to the fore if we see a surge in unemployment placing immediate pressure on household incomes.”

Countermeasures

Look at where the email is coming from

“Make sure the sender has an email address such as ‘person@who.int’. If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO. WHO does not send emails from addresses ending in ‘@who.com’, ‘@who.org’ or ‘@who-safety.org’ for example.”

Before clicking on any links, hover over the link and check to see if the website you will be redirected to is legitimate.

If in doubt, navigate to the dedicated website yourself and check to see if the information is real.  Never use email addresses or phone numbers provided in the emails.
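
The two checks above (exact sender domain, real link destination) written as a Python sketch. This is an added example, not part of the original article: the `TRUSTED` set, the function names and the sample message are constructed for illustration, and accepting subdomains such as `www.who.int` as link hosts is an assumption beyond the quoted advice.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"who.int"}  # the only sender domain the WHO guidance accepts

def is_trusted_sender(from_header):
    """True only when the text after the '@' is exactly a trusted domain."""
    _name, address = parseaddr(from_header)  # the display name is ignored
    return address.rpartition("@")[2].lower().rstrip(".") in TRUSTED

def host_is_trusted(host):
    """Accept a trusted domain or one of its subdomains (www.who.int)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkAuditor(HTMLParser):
    """Record (visible text, real host) for links that leave TRUSTED."""
    def __init__(self):
        super().__init__()
        self.suspicious, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = urlsplit(self._href).hostname or ""
            if not host_is_trusted(host):
                self.suspicious.append(("".join(self._text).strip(), host))
            self._href = None

def audit_links(html_body):
    # The programmatic "hover": report where each link really goes.
    auditor = LinkAuditor()
    auditor.feed(html_body)
    return auditor.suspicious

# Constructed sample message parts (not taken from a real email).
SAMPLE_FROM = '"info@who.int" <alerts@who-safety.org>'
SAMPLE_BODY = ('<a href="https://www.who.int/emergencies">WHO updates</a> '
               '<a href="https://who.int.example.net/login">https://www.who.int/covid-map</a>')

if __name__ == "__main__":
    print(is_trusted_sender(SAMPLE_FROM), audit_links(SAMPLE_BODY))
```

A From header can be forged, so a passing sender check only rules out the lookalike domains; it does not prove the message is genuine.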