COVID-19 has created previously unthinkable consequences for our society.
In these uncertain and difficult times, fraudsters opportunistically prey on the fear and uncertainty created by a public health emergency, looking to profit from the public’s desire to regain a sense of safety and security.
Across the world, we have seen an increasing rise in scams associated with COVID-19. In Vietnam, there have been several scams relating to COVID-19 in which the victims unknowingly transferred money to fraudsters’ bank accounts for the purchase of hygiene supplies such as face masks or hand sanitizers or where they made donations to non-existent COVID-19 charity funds.
Further, as governments prepare stimulus packages in response to the pandemic and begin providing financial support to their citizens, the risk of businesses being defrauded by COVID-19 related scams will likely continue to rise.
For the financial sector, in particular, there are great challenges. The industry has already begun to provide an unprecedented response but is having to work through their own business continuity issues. Demand is far outstripping supply as concerned customers inundate call centres, as fraud typologies change on an almost hourly basis.
Some COVID-19 related scams could include:
Phishing scams: Fraudsters posing as members of domestic and international health authorities, such as the United States Centre for Disease Control and Prevention (CDC) or the World Health Organisation (WHO), targeting victims with emails including malicious attachments, links, or redirects to “updates” regarding the spread of COVID-19, new containment measures, maps of the outbreak or ways to protect yourself from exposure. Once opened, the computer may be infected with malware or expose sensitive personal information or credit card details saved online to a hacker.
COVID-19 fraudulent websites: There has already been a significant rise in new fraud risk typologies, in particular related to the registration of large numbers of “COVID” internet domains.
Business email compromise: The increase in remote working, accompanied by organisation-wide updates regarding COVID-19, has opened the avenue for fraudsters to target businesses and their employees. Using emails disguised as COVID-19 updates, fraudsters attempt to trick employees to hand over their credentials by requesting they log in to a fake company “COVID-19” portal. Once an employee has entered their credentials, the fraudster can have unfettered access to the employee’s company accounts and the organisation’s network.
Supply scams: Taking advantage of current supply shortages and public demand for resources, fraudsters have established fake online shops that sell medical supplies currently in demand, such as surgical masks and hand sanitiser. After payment is made to “purchase” the goods, fraudsters pocket the money and never deliver the supplies.
Treatment scams: Rising panic around contracting the novel coronavirus has created swaths of individuals looking for a way to prevent or cure COVID-19. Using social media and online forums, fraudsters promote bogus products claiming to prevent the virus and lure victims with the promise of vaccines, fake cures, and unproven treatment methods.
Provider scams: Fraudsters are posing as doctors or hospital administrators, typically claiming to have successfully treated a known friend or relative for COVID-19 and demanding payment for said treatment.
Charity scams: In times of crisis, it is not uncommon for individuals to feel a personal sense of responsibility to help reduce the impact on the community. Fraudsters prey on this desire, soliciting donations for non-existent charities claiming to help individuals, groups, or areas affected by the virus, or contribute towards the development of a vaccine to fight the virus.
Mobile app scams: Fraudsters are developing or manipulating mobile phone applications which outwardly look as if they track the spread of COVID-19, however once installed the application infects the user’s device with malware which can be used to obtain personal information, sensitive data, or bank account/card details.
Investment scams: Keeping with the tradition of a classic investment scam, this scam has a twist, purporting to generate significant returns from investing in a company that has services or products that can prevent, detect or cure COVID-19.
There are many ways to help protect yourself, loved ones, and your business from falling victim to COVID-19 scams. Paramount to reducing vulnerability is ensuring that people remain aware of how criminals are attempting to take advantage of the global health crisis.
So what can you do to protect yourself?
1. Awareness
Be wary of fraudulent emails claiming to be from experts who have vital information regarding the virus. Do not click links or open attachments from unknown or unverified senders.
Check email addresses from sources claiming to have information regarding COVID-19 for irregularities, such as spelling errors or miscellaneous symbols. Fraudsters often use addresses that only have a marginal difference to those belonging to the entities they are impersonating.
Be careful of fake online shops which use non-traditional payment methods, such as money orders, funds transfer, gift cards, or crypto-currency.
Conduct background research before donating to any charities or crowd-funding campaigns. Be wary of any business, charity, or individual soliciting donations in cash, through the mail, via funds transfer or other unusual channels.
Stay informed of scams trends in relation to COVID-19.
2. Preventive technology controls
Ensure the anti-malware and anti-virus software installed on your devices is up to date. Avoid installation of freeware on IT systems as they may have hidden malware/trojans.
Connect to the internet using secure Wi-Fi hotspots and broadband connections.
Avoid using public file sharing websites unless authorised by your organisation’s policy.
3. Detective and investigative controls
Do not dismiss any breaches or incidents as they may indicate a bigger problem.
In case of a cyber-attack, investigate the root cause to secure and prevent against further attacks.