FBI Urges Vigilance with COVID-19 Scams on the Rise
As if you didn’t already have enough to worry about, scammers are exploiting the COVID-19 crisis to infiltrate your business and deceive your employees. In the process, they’re stealing data, personal information and money, in what authorities are calling an “unprecedented” surge in coronavirus-related scams.
A wide range of fraud schemes have popped up at a time when businesses are most vulnerable. As companies scramble to keep their operations running during the pandemic, scammers are taking advantage of both the chaos and stressed IT systems.
The situation has gotten so bad that the FBI had to release a statement, warning of the sudden rise in scams. Below are some of the schemes to be on the lookout for.
COVID-19 Scams: Phishing Emails
Phishing emails are already a serious threat to businesses. And they’re even more successful when they exploit people’s fears and confusion.
How they work: A phishing email is disguised as a communication from a familiar sender, such as a user’s bank. Clicking on the email takes the user to a login page that looks legitimate, but is actually a gateway to steal the user’s credentials.
By some estimates, phishing emails have increased by more than 600% over the past month, capitalizing on the panic surrounding COVID-19. Security researchers found that roughly 2% of all global email attacks in March were COVID-themed.
We’ve seen reports of coronavirus emails being disguised as the following:
- Government agencies offering stimulus checks
- Email platforms (e.g. Gmail/G Suite)
- File-sharing services
- Travel websites and airlines offering refunds
- Platforms for remote work, collaboration and/or video conferencing
- Health organizations such as the CDC and World Health Organization (WHO)
- Updates about COVID-19 from employers, colleges and/or news sites
We’ll return to some of these emails in a minute, but the critical point is that scammers are working overtime to make their messages look like the organizations that users trust most.
- The FBI urges users to be wary of any email asking you to enter personal information, regardless of sender. The government, for example, is “not sending unsolicited emails seeking your private information in order to send you money.”
- Users should also be suspicious of any email asking to log in or change passwords. Users should be trained on how to check the emails for detailed sender information as well as URLs in the email (without clicking on them).
- As a rule of thumb, simply don’t ever provide your username, password, social security number, financial info, date of birth or other personal information in response to an email.
By mid-March, the Internet was already “drowning in COVID-19-related malware,” according to a report by Ars Technica. U.S. Attorney Scott Brady warned of an unprecedented wave of cyberattacks, similar to “the kind of fraud that we saw relating to Hurricane Katrina.”
As with most malware, hackers are using multiple delivery methods to infect devices, including malicious emails, websites and mobile applications. The difference here is that hackers are specifically preying on users’ fears and interest in coronavirus-related information.
Here are just a few examples of COVID-19 malware we’ve seen so far:
- Coronavirus infection maps: A legitimate, well-circulated map created by Johns Hopkins University was copied by Russian hackers and redistributed with Java-based malware. Various versions of this have sprouted up in Internet forums as well as in mobile app stores. In one version, the maps were distributed via an Android app containing “CovidLock” ransomware, which changed users’ passwords, locking them out of their phones.
- Malicious websites: Hackers are using COVID-related websites to lure users, whose computers are then infected with malware. In some cases, it starts with a spam email, which redirects the user to a website. In other scenarios, users are being directed to malicious websites from social media, forums and other sites. Cybersecurity firm Check Point found that more than 4,000 COVID-19-related domains were registered so far this year, many of which are likely vehicles for fraud and malware.
- Spam: Spam email remains a top malware delivery method, in part because it’s the simplest and cheapest way for hackers to reach millions of users. The email messages are in fact very similar to other common spam, but spun with a coronavirus theme. Some examples identified by Trend Micro included emails about “Important COVID-19 Updates,” delayed shipping notifications and medical products related to coronavirus. Most included an attachment containing malware or a link to a malicious site.
- Businesses must maintain their cybersecurity defenses, especially if the workforce is working remotely.
- Network firewalls, email filters and anti-malware can do the heavy lifting of stopping spam emails, but users need to be on the lookout too. Remind employees about safe practices for email/web, including tips for identifying suspicious emails.
CovidLock is just one of several coronavirus ransomware strains that have been found in the wild in recent weeks. And while attacks on hospitals were already common, attackers appear to be intensifying their efforts against healthcare groups during the pandemic. Health organizations like WHO have also reported an uptick in attempted attacks, which the group has managed to deflect so far.
How it works: Ransomware is a form of malware that encrypts your data, making it unusable unless you pay the attackers to unlock it (though paying the ransom doesn’t guarantee you’ll get your files back). Infections often move laterally across a network, taking down every server and device they can access.
In mid-March, some hacker groups claimed they were backing off the healthcare industry. But not surprisingly, attacks have continued anyway:
- Numerous ransomware variants have been found to originate from ransomware-themed spam emails, websites and file downloads. A researcher at cybersecurity firm Proofpoint explained to Wired, “The things that are working right now are coronavirus lures: coronavirus as the email for the social engineering, coronavirus filenames, coronavirus domain names.”
- As COVID-19 infections began to surge in the Czech Republic, one of its hospitals suffered a devastating ransomware attack. The Brno University Hospital, which was also a major COVID-19 test site, lost all its computers in the attack. The hospital had to turn away patients, cancel urgent procedures and delay COVID-19 test results.
- In the U.S., a website for a public health department in Illinois was knocked offline after a ransomware attack, compromising the records of more than 200,000 people registered on the site.
- Ransomware infections can be prevented, in part, by the same strong cybersecurity defenses mentioned above, such as antimalware software and ongoing training for users.
- File/directory access controls can help to limit the spread of infections across a network. Each user should have access only to the files and folders they need for their job, rather than the entire directory.
- The most important defense against ransomware is a data backup system. When an attack occurs, only a robust system of backups will enable you to quickly restore your systems back to normal. This is absolutely critical for healthcare organizations and other businesses that cannot afford to lose their data, especially at a time like this.
Fake Coronavirus Cures, Tests & Equipment
COVID-19 fraud is everywhere right now. Don’t assume it’s not a threat to your business. At a time of so much uncertainty, it’s natural for people to let their guards down, and that includes your employees, too.
The FBI has warned of numerous scams involving fake coronavirus products, often offered through spam and phishing emails. When these emails get past your spam filters, there’s always a risk that users will fall for them, potentially resulting in cyberattacks on your IT systems.
In some cases, the emails contain malicious links and attachments. In others, they’re purely schemes to steal people’s money and personal information.
Here are some examples identified by the FBI:
- Fake COVID-19 test kits: These are being sold all over the Internet, and in some cases there are actual physical “kits” being shipped to people, albeit completely bogus. Some spam emails offering tests are simply designed to deliver malware.
- Fraudulent sales of COVID-19-related medical equipment: Healthcare professionals need to be especially vigilant when ordering any coronavirus-related supplies. The FBI has identified numerous fraud schemes involving sales of “counterfeit products like sanitizing products and personal protective equipment (PPE), including N95 respirator masks, goggles, full-face shields, protective gowns, and gloves.”
- Fake cures and vaccines: All kinds of “cures,” “prevention pills,” and bogus treatments for coronavirus have popped up online, and they’re the subject of many spam emails. The underlying objectives are no different: take your money, take your credentials, infect your computer with malware. Don’t assume your employees wouldn’t take the bait!
- The FBI urges medical providers to use extreme caution when dealing with new suppliers or unidentified third-party brokers.
- If you’re in the medical industry and absolutely must work with new suppliers, be on the lookout for any suspicious activity, such as unusual payment terms, last-second price changes, odd excuses for delayed shipments (e.g. “the equipment was seized at port”) and unexplained sources of bulk supply.
- If you’re not in the medical industry, your employees should avoid offers for supplies entirely.
Most Important Actions
To recap, there are essentially three things every business needs to do ASAP to thwart the COVID-19 scams above:
- Educate personnel on the risks; remind them of safe email/web practices (especially if they’re using new devices, systems or processes due to the pandemic).
- Reevaluate your disaster recovery planning in the context of COVID-19; be sure that you’re maintaining strong cybersecurity defenses, especially if workers are now working remotely and/or using their own devices.
- Back up your data constantly; test your disaster recovery systems to ensure they are functioning properly and are prepared for a major data-loss event should one occur.
Need some guidance?
If you need assistance with your disaster recovery planning as it relates to data protection, backups, file-sharing solutions or IT infrastructure, please reach out to our business continuity experts at Invenio IT. Call (646) 395-1170, email success@invenioIT.com or request a free demo of our recommended backup solutions.