The ongoing COVID-19 pandemic has thrown the world into an unprecedented crisis. People across the globe are uncertain about their future as industries, airlines, businesses and the hospitality sector remain shut. People are working from home using cloud-based remote connectivity, leading to an entirely different work environment and creating an entirely new threat area where effective cyber security controls from the corporate world do not apply.
There is a tsunami of communications across various channels and platforms related to deaths, treatments and prevention of coronavirus. Taking advantage of the heightened state of attention and fear over coronavirus outbreaks, cybercriminals and other malicious factors have jumped into the fray.
It's evident from the spate of recent financial cyber crimes that the more the virus continues to spread globally, the higher the reach and instances of the scams as the fear among people will rise.
According to a data gathered and analysed by Atlas VPN, the number of phishing websites spiked by 350 per cent amid COVID-19 quarantine. As Google reports it, the number of registered phishing sites has been snowballing over the last three months. In January, Google registered a total of 149,195 active phishing websites and the number increased to 522,495 in a span of two months, thereby showing a 350 per cent rise.
With more and more people forced to stay at home during quarantine, internet usage is higher than usual. The screen time has also increased exponentially. Almost all organisations are now opting for ‘work from home’. This requires an immediate need to ensure existing protections in this newly remote environment and also making employees aware of the types of threats and how to identify them. With cloud-based remote connectivity, there’s a fair chance of hackers attempting to compromise employee devices and collect credentials that can give them access to companies’ accounts and data.
Some recent incidents where the Covid-19 scare was used to defraud, extort, hack or otherwise mislead unsuspecting victims are enumerated below.
Consumer relief package
As the economic fallout of the COVID-19 pandemic continues, attackers are leveraging consumer anticipation of tax relief and government-issued economic stimulus plans. These attacks trick victims into dropping their guard and clicking on a malicious link. In one such recent attempt in the UK, if the receiver clicked on the ‘access your funds now’ link, it would take them to a fake government webpage of UK revenue and customs, encouraging them to input all their financial and tax information.
Help desk impersonation
At a time when technical support teams are helping employees transition to remote workstations, cybercriminals are impersonating IT help desks to take advantage of their increased visibility and communication. Employees working remotely for the first time are likely in contact with IT and security teams more than ever before. Their communication with the help desk may be more susceptible to clicking on a malicious link in this type of attack.
Bad online actors are “creating fear” in fake emails that often use terms such as “reset password” or “business continuity” to spark urgency. Scammers are also targeting home workers with fake sites that replicate popular teleconferencing platforms.
The dark web is buzzing with COVID-19 scam 'kits' complete with fraudulent email templates specific to different organisations to target workers at home.
Safety measures turned malicious
This phishing attack impersonates a coronavirus specialist from the World Health Organisation to trick victims with two malicious options. An email urges the victim to download a malicious file disguised as a safety document.
Internal organisation alert
This phishing attack takes a corporate approach by impersonating a company’s president to deliver an attachment disguised as tips to prevent infection. The attachment is designed to infect an employee’s machine with malware.
New phishing sites per month have more than doubled. As part of the broader trend of increased remote workforce phishing, Office/Outlook phishing sites were up 46% (Early March vs. early Feb) according to a RedMarlin report.
A phish email recently discovered, purporting to be from Centre for Disease Control (CDC; a highly trusted organisation) contains a URL. The HTML display link is a legitimate site (cdc.gov), but when hovered over with the mouse pointer, it reveals its true link. And when clicked, it redirects to a different website. So while the victim believes they are clicking on a legitimate CDC URL, they will be redirected to the credential phishing site, which asks for an Outlook username and password. Any victim trying to log on to the website will be handing the attackers their username and password.
New cases in your area
This attack preys on the fears of coronavirus spreading near the victims’ location. Disguised as a CDC alert, this phishing email tricks victims into clicking on a malicious link by offering an updated list of new cases of the virus documented near them.
A series of phishing mails ask the recipients to "go through the attached document on safety measures regarding the spreading of coronavirus."
The donation scam
Like the tried-and-true donation scams used after natural disasters, this phishing attack solicits donations to fight the spread of the coronavirus. The attack imitates a CDC emergency outreach email and asks victims to deposit money into a Bitcoin account. An email urges recipients to donate Bitcoin to fund coronavirus vaccine research. Of course, the real CDC does not accept Bitcoin, and it is not asking for donations.
Information from the source
In this coronavirus phishing attack, the cybercriminal impersonates a doctor from The Central Hospital of Wuhan to play on the victims’ fears, lend credibility to the email and convince them to download a malicious attachment. Phishers have sent emails that offer purported medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts near Wuhan, China, where the outbreak began. “This little measure can save you,” one phishing email says. “Use the link below to download Safety Measures.”
Along with the phishing tactics above, one of the largest concerns for cyber security researchers is the massive increase in coronavirus-themed domain registrations. Many suspect that these domains will be used for phishing attempts like those listed above. An example of such a website is vaccinecovid-19.com. It was first created on February 11, 2020 and registered in Russia. The website is insecure and offers to sell “the best and fastest test for coronavirus detection at the fantastic price of 19,000 Russian rubles (about US$300)”.
A Sophos report states that the raw number of domain names related to the COVID-19 till March 20, the peak day (so far), people registered 3,011 new domains that contained the text “covid” or “corona,” Since February 8, 42,578 (as of midnight, March 24) newly-registered covid or corona domain names were found.
Fake product scam
Beyond the coronavirus phishing threats listed above, the US SEC is warning consumers of investment scams related to products claiming to prevent, detect or cure coronavirus. The SEC issued an Investor Alert to warn investors about investment frauds involving claims that a company’s products or services will be used to help stop the coronavirus outbreak. The company Red Points states in a report that during this (pandemic) time, counterfeiters could jump on increased demand for vitamins, health products, games, electronics, headphones and technology peripherals.
There are some simple steps which people can follow to avoid being victims of such scams and crimes.
- Use 2 factor authentication on emails and social media and other accounts.
- Do not click links from unverified sources, do not open attachments from untrusted senders.
- Verify doubly and be sure before you do any transaction which creates a sense of urgency, has a threatening or scary message.
- Do not share your OTP or give personal information on a phone call to any caller.
- Treat COVID19 related information with scepticism, there are scammers even impersonating the Government and WHO.
- Follow a limited set of verified official handles for information and updates regarding the pandemic.
- Update the operating system on your laptops/computers and mobile phones to the latest version.
- Purchase and use an antivirus solution, even on a mobile device.
- Check your financial statements for any unusual withdrawals and expenses, contact your bank or wallet provider immediately in case of any discrepancies.
Discuss these tips with more vulnerable members of family and society and keep them forewarned. In case of any breach, report it immediately to cybercrime.gov.in and the service provider/platform.
The success of social engineering as a crime depends on the witting or unwitting cooperation of the individual. While the world battles an unprecedented pandemic, care should be taken not to fall victim to these age-old tactics. With heightened emotions and need for information regarding the dreaded virus, criminals and nefarious elements will try their best to cheat, defraud and take advantage of vulnerable populace. It is incumbent upon us as individuals and society to be aware of such attempts and help others too from dangers lurking in the online world.
Disclaimer:(Brijesh Singh is Inspector General of Police, Maharashtra and Khushbu jain is a practicing advocate in Supreme Court of India.)