Over the past week, the FBI has warned of an increase in cybersecurity threats that exploit the COVID-19 pandemic and target civilians, government infrastructure, and businesses alike.
The FBI has received over 1,200 complaints about scams that exploit the COVID-19 pandemic, ranging from business fraud and phishing to money mule schemes, all aimed at stealing people’s money and personal data.
“In recent weeks, cyber actors have engaged in phishing campaigns against first responders, launched DDoS attacks against government agencies, deployed ransomware at medical facilities, and created fake COVID-19 websites that quietly download malware to victim devices,” the FBI’s Internet Crime Complaint Center (IC3) announced on Wednesday.
In many of the attacks, the fraudsters hide their identities while pretending to represent financial institutions, government agencies, relief organizations, or private citizens in need of money due to the quarantine.
“Fraudsters are taking advantage of the uncertainty and fear surrounding the COVID-19 pandemic to steal your money, access your personal and financial information, and use you as a money mule” — FBI
One such scheme the FBI is warning about is the money mule scheme, in which criminals trick their victims into laundering illegally obtained money by asking them to send or receive money on behalf of someone pretending to be in need.
To Stop Money Mule Schemes
The FBI advises:
- Watch out for online job postings and emails from individuals promising you easy money for little to no effort.
- Watch out for emails, private messages, and phone calls from individuals you do not know who claim to be located abroad and in need of your financial support.
- Protect yourself by refusing to send or receive money on behalf of individuals and businesses for which you are not personally and professionally responsible.
“Business email compromise (BEC) is a scam that targets anyone who performs legitimate funds transfers” — FBI
Another way bad actors are taking advantage of the coronavirus crisis to exploit people’s vulnerabilities is through Business Email Compromises (BECs).
“Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19,” the FBI warned on Monday.
In these scams, the fraudsters target legit businesses by pretending to represent companies those businesses would normally deal with, then request that money be sent to a new account or through a different method of payment.
For example, “A financial institution received an email allegedly from the CEO of a company, who had previously scheduled a transfer of $1 million, requesting that the transfer date be moved up and the recipient account be changed ‘due to the Coronavirus outbreak and quarantine processes and precautions.’ The email address used by the fraudsters was almost identical to the CEO’s actual email address with only one letter changed,” according to the FBI.
To Combat Business Email Compromises
The FBI advises:
- Be skeptical of last minute changes in wiring instructions or recipient account information.
- Verify any changes and information via the contact on file—do not contact the vendor through the number provided in the email.
- Ensure the URL in emails is associated with the business it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.
“In recent weeks, cyber actors have engaged in phishing campaigns against first responders” — FBI
Most of the population is quarantined at home, including the scammers, and the FBI is seeing an increase in phishing attacks by fraudsters who trick victims into giving up their passwords, credit card details, and other personal information by getting them to click on bad links.
For example, the culprits pretend to be legit software companies, telling you that your password has been compromised, and you need to click on their malware-infected link to retrieve it.
This way, victims actually hand over their passwords to criminals thinking that they are protecting themselves.
To Recognize and Prevent Phishing Attacks
The FBI advises:
- Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
- Beware of advertisements or emails purporting to be from telework software vendors.
- Always verify the web address of legitimate websites or manually type it into the browser.
- Don’t share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
- Don’t open attachments or click links within emails from senders you do not recognize.
This list of schemes being conducted by scammers to exploit the COVID-19 crisis goes well beyond the scope of this article.
Other types of schemes identified by the FBI include ones that target telework applications, communications tools, supply chains, and even educational technology and services platforms.
Additionally, the Department of Justice issued the following warning.
Be aware that criminals are attempting to exploit COVID-19 worldwide through a variety of scams. There have been reports of:
- Individuals and businesses selling fake cures for COVID-19 online and engaging in other forms of fraud.
- Phishing emails from entities posing as the World Health Organization or the Centers for Disease Control and Prevention.
- Malicious websites and apps that appear to share virus-related information to gain and lock access to your devices until payment is received.
- Seeking donations fraudulently for illegitimate or non-existent charitable organizations.
Criminals will likely continue to use new methods to exploit COVID-19 worldwide, but there are many precautions that you can take to prevent these from happening.