Coronavirus has inspired an unprecedented number of online scams targeting people and businesses – and researchers say the wave of attacks is just getting started.
The massive volume of cybercriminal activity reflects the overwhelming scope of the pandemic, which has upended every aspect of daily life across the world — from how people seek medical information to how they work, socialize and shop for groceries. The mass uncertainty allows criminals to prey on broad swaths of the global population.
“Spammers and scam artists have never had an opportunity like this before,” said Stephanie “Snow” Carruthers, who leads a team focused on studying phishing at IBM's hacking research division.
“Covid-19 is the first event of its kind since the birth of the Internet. This global pandemic impacts so many different aspects of our lives including physical and financial safety, across geographies for an unpredictable time frame,” she said. And that’s “a perfect lure” for online criminals, she added. Since at least Hurricane Katrina in 2005, online scammers have piggybacked off major news events to trick people into clicking links they shouldn't and downloading malicious software or sharing personal and credit card information with what they mistakenly believe are legitimate businesses. These days, phishing gangs that normally have a range of other campaigns are now focusing on coronavirus-related scams because the opportunities to profit are so great, experts say.
The figures are staggering.
Consumer complaints in the United States related to the coronavirus have doubled in the past week to 7,800, according to the Federal Trade Commission.
The explosion of scams includes robocalls, texts, and emails posing as government officials or businesses offering refunds for missed vacations or virus-testing kits. The average loss for a consumer duped by one of these scams is nearly $600, the agency reported, which adds up to nearly $5 million nationwide. Scammers have posed as legitimate businesses selling coronavirus treatments, charities funneling help to the infected and officials from the Centers for Disease Control and Prevention, the Small Business Administration and the World Health Organization, researchers said.
“The pandemic has led to an explosion of cybercrime, preying upon a population desperate for safety and reassurance,” concluded a report from digital security consulting group Interisle. The report was delivered yesterday to ICANN, an international body that manages many basic Internet functions.
The number of emails that used phony information about the virus to trick people into infecting their phones and computers has increased by 14,000 percent in just two weeks, according to a report from IBM’s X-Force research division. Palo Alto Networks logged over 100,000 new potentially phony Web domains registered with words including “covid,” “virus” and “corona” in their names, in just the past few weeks. And that doesn’t count phony sites that claim to sell protective gear such as masks and hand sanitizer.
An analysis of Google data by the firm AtlasVPN found a 350 percent spike over three months in phony websites related to the virus and designed to separate people from their money or personal information.
The Justice Department has taken notice, urging prosecutors to prioritize scammers selling phony medical equipment and snake- oil cures. The department brought its first criminal fraud case against such a scammer last week — a Southern California man who sold pills to an undercover agent that he claimed could prevent people becoming infected with the virus. He also falsely claimed that former basketball star Magic Johnson was on his board of directors. But the vast majority of scammers are unlikely to face any consequences. And their scams probably are still proliferating, experts told me.
Predictions about the long duration of the pandemic, expected to last at least several months, is also likely spurring phishing gangs to invest in developing more elaborate scams, such as posing as medical suppliers and conning hospitals and clinics into buying nonexistent goods from them, said Peter Cassidy, co-founder of the Anti-Phishing Working Group.
“That kind of business-to-business scam takes a lot more sophistication and patience, and this event gives them copious time to develop attacks like that,” he told me.
By contrast, during Hurricane Katrina, online scammers spent only a few weeks targeting people with phony warnings from government agencies and pleas from charities — hardly enough time to develop complex operations backed by legitimate-looking websites, Cassidy said.
SOURCE: https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2020/04/01/the-cybersecurity-202-coronavirus-pandemic-unleashes-unprecedented-number-of-online-scams/5e83799b88e0fa101a757098/