- Security TWENTY
- Women in Security
Someone was well prepared for the pandemic – tens of thousands of domains that contained the words “coronavirus” and/or “COVID-19” were registered as far back as January 2020, according to a cyber company. RSA Security’s Fraud & Risk Intelligence (FRI) Unit has detailed recently-uncovered scams and cybercrime related to the virus.
The firm points to fake websites offering vaccines or in-demand supplies at inflated prices – such as hand sanitiser, masks, gloves – that take your money, but no supplies are ever shipped, and no vaccine yet exists. Also reported are: phishing emails that purport to come from the World Health Organization (WHO), that result in malware being installed to collect private information from the recipient’s device, set up remote access to the device, or steal address book data to send more emails to the recipient’s friends; earn-from-home scams or rather work-at-home “opportunities”; bank customers being sent emails advising them to call a VoIP number (hence vishing as opposed to phishing) to resolve an alleged missed payment; tickets or discounts, too-good-to-be-true social media offers that are scams; and account takeovers, cybercriminals using stolen credentials from data breaches to take over consumer accounts. Or, fake mobile apps related to COVID-19 claim to offer news and updates, but instead deliver malware.
Daniel Cohen, head of anti-fraud products and strategy at RSA Security, says: “While these are unprecedented times, what we are seeing in terms of fraudsters trying to cash in on the mayhem is sadly all too familiar – events such as these tend to bring out both the best and worst in people. Yet even I have been shocked at some of the brazen opportunism that is taking place.
“Fraudsters posing as WHO specialists, offering information on safety measures; texts claiming to be from the HMRC advising of “goodwill payments” from the government; ‘online friends’ tricking kids into giving up their log-in details; social media posts giving everything from two free airline tickets to a year’s worth of groceries, and more – it’s evident that fraudsters have been quick and creative in finding new ways to take advantage of the current situation. We strongly advise consumers to be on their guard.”
Fraudsters are using COVID-19 as a pretext for an act of generosity, giving away tickets or discounts. But what fraudsters really want from social media attacks is for the reader to click through and provide personal information or sign up for costly services – and, even better, for them to share the post with friends, so even more victims can be lured in.
Cohen adds: ““These scams can only be successful if the victims interact with the fraudsters – we each have the power to protect ourselves, as long as we are careful not to allow ourselves to be manipulated.
“This is not always easy, but there are some tell-tale signs to look out for; for example, fraudsters will try and make you think you need to act fast or miss out, so that you do not take time to question what is on offer. They also try to prey on our fears, for example by saying you have missed a payment, so that, again, you feel under pressure. Ultimately, we all need to act smart online to limit our exposure and take time to think before we click or interact.”
For advice on how to shop online safely visit: https://www.actionfraud.police.uk/shoponlinesafely.
Likewise the Chartered Trading Standards Institute (CTSI) is warning the UK public not to open their doors to bogus healthcare workers claiming to be offering ‘home-testing’ for COVID-19. Louise Baxter, Head of the National Trading Standards Scams Team, said: “As people stay indoors to prevent the spread of COVID-19, criminals are preying on people in vulnerable situations who are isolated and living alone.”
And CTSI Lead Officer, Katherine Hart, said: “The COVID-19 pandemic has seen a surge in scams referencing the virus, but the public should be aware that scams along more familiar themes have also increased in frequency.”
Adam French at consumer rights body Which?, said: “Impersonating legitimate organisations or government officials is a common tactic scammers use to reel in victims, and worryingly the coronavirus outbreak has created the perfect breeding ground for these types of scams. The best way for consumers to protect themselves is to remain vigilant and take extra precautions before clicking on any unsolicited emails, texts or answering calls. Make sure your computers, mobile phones and tablets are supported by the latest security updates, and consider installing antivirus software to minimise threats.”
And Interpol recently reported that counterfeit face masks, substandard hand sanitisers and unauthorised antiviral medication were all seized under Operation Pangea XIII, which saw police, customs and health regulatory authorities from 90 countries take part in action against illicit online sale of medicines and medical products.