United States and United Kingdom Warn About New Cyber Frauds Amid the COVID-19 Crisis
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert on April 8 about new cyber frauds amid the COVID-19 crisis. They specifically warn against:
- Phishing, using the subject of coronavirus or COVID-19 as a lure,
- Malware distribution, using coronavirus- or COVID-19-themed lures,
- Registration of new domain names containing wording related to coronavirus or COVID-19, and
- Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic in order to persuade potential victims to:
- Click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware.
  - For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install “CovidLock” ransomware on their device.
- Open a file (such as an email attachment) that contains malware.
  - For example, email subject lines contain COVID-19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”.
To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page. Other emails purport to be from an organization’s human resources (HR) department and advise the employee to open the attachment.
Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes, such as “President discusses budget savings due to coronavirus with Cabinet.rtf.”
For more information, please see https://www.us-cert.gov/ncas/alerts/aa20-099a.
Medicare Beneficiary Scams
The U.S. Department of Health and Human Services Office of Inspector General is alerting the public about fraud schemes related to the novel coronavirus (COVID-19).
Scammers are offering COVID-19 tests to Medicare beneficiaries in exchange for personal details, including Medicare information. However, the services are unapproved and illegitimate.
Fraudsters are targeting beneficiaries in a number of ways, including telemarketing calls, social media platforms, and door-to-door visits.
These scammers use the coronavirus pandemic to benefit themselves, and beneficiaries face potential harms. The personal information collected can be used to fraudulently bill Federal health care programs and commit medical identity theft. If Medicare or Medicaid denies the claim for an unapproved test, the beneficiary could be responsible for the cost.
- Beneficiaries should be cautious of unsolicited requests for their Medicare or Medicaid numbers.
- Be suspicious of any unexpected calls or visitors offering COVID-19 tests or supplies. If your personal information is compromised, it may be used in other fraud schemes.
- Ignore offers or advertisements for COVID-19 testing or treatments on social media sites.
- A physician or other trusted healthcare provider should assess your condition and approve any requests for COVID-19 testing.
- If you suspect COVID-19 fraud, contact the National Center for Disaster Fraud Hotline at (866) 720-5721 or email@example.com.
Federal Trade Commission Warns about Various COVID-19 Scams
“Public health” scams
Fraudsters send messages that claim to be from the Centers for Disease Control and Prevention (CDC), World Health Organization (WHO), or other public health offices. They may ask for Social Security numbers, tax IDs, etc. Other variations direct you to click on a link or download a document. Remind your staff not to respond to messages like this – and definitely don’t download anything or click on links in unsolicited email. It’s the latest form of phishing aimed at stealing confidential data or installing malware on your network.
Government check scams
You’ve seen news stories about whether financial help for businesses might be available in the future. But remember that criminals read those headlines, too, and use them to make their phony pitches sound more credible. If someone calls or emails you out of the blue claiming there’s money available from a government agency if you just make an up-front payment or provide some personal information, it’s a phony.
Business email scams
We’ve warned companies about frauds perpetrated via business email. For example, in a CEO scam, an employee gets a message that appears to come from a company higher-up directing the person to wire money, transfer funds, send gift card codes, etc. In reality, a con artist has spoofed the boss’ email address or phone number. Why are we renewing the call for vigilance? The economic upheaval caused by the Coronavirus has led to a flurry of unusual financial transactions – expedited orders, cancelled deals, refunds, etc. That’s why an emergency request that would have raised eyebrows in the past might not set off the same alarms now. Compounding the problem is that teleworking employees can’t walk down the hall to investigate a questionable directive. Warn your staff about these scams and give them a central in-house contact where they can verify requests they may receive.
It works like a CEO scam, but this time the call or message claims to come from a member of your technology staff asking for a password or directing the recipient to download software. These scams pose a particular problem now due to what cybercrime experts call social engineering: the dark art of manipulating human behavior to facilitate fraud. Your employees already may be distracted by changes to their routine and your tech support team is swamped. Taking advantage of this temporary “upside down-ness,” con artists may do a quick online search to glean a tidbit to really sell their story – for example, “I spoke with Fred, who said you were having a computer problem” or “The meeting has been shifted to our new teleconferencing platform. Here’s the link.” Your best defense is a workforce warned against this form of fraud. Again, an in-house source for accurate information can help protect your company.
With many businesses scrambling for supplies, it’s wise to heed warnings about websites that mimic the look of well-known online retailers. They claim to have the essentials you need, but in reality, they’re fakes that take your “order,” grab your credit card number, and run. The safer strategy is to type in URLs you know to be genuine. And before taking a chance on an unfamiliar supplier, check them out with trusted industry colleagues.
While working from home, your employees are hearing a new crop of annoying – and illegal – robocalls. It’s no surprise that fraudsters who already flout the law would try to exploit people’s COVID concerns to make a buck. Some of these tele-phonies pitch bogus test kits and sanitation supplies. Others have businesses in their sights. Curious what these calls sound like? This recording targets “small business who may be affected by the Coronavirus,” warning them to “ensure your Google listing is correctly displaying. Otherwise customers may not find you online during this time.” We’ve seen scams like this before and the call definitely isn’t from Google. Remind your staff that the only right response to an illegal robocall trying to sell something is to hang up.
The rest of us may be adjusting to new ways of working, but it’s business as usual for hackers. With more people telecommuting, hackers are hoping companies will drop their online defenses, making it easier to infiltrate data-rich networks. We have tips to help your staff maintain security when working from home. Also, the National Institute of Standards and Technology (NIST) has resources on making a safer transition to a remote workplace. A good place to start: NIST’s updated Telework Cybersecurity page. Check out NIST’s infographic, Telework Security Overview & Tip Guide. Read their recent bulletin on Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions. And review their advice on Navigating the Conference Call Security Highway.
World Health Organization (WHO) Warns of Coronavirus (COVID-19) Phishing Attacks
The World Health Organization (WHO) warns of ongoing coronavirus-themed phishing attacks that impersonate the organization with the end goal of stealing information and delivering malware.
The phishing messages are often camouflaged to appear as being sent by WHO officials and ask the targets to share sensitive information such as usernames and passwords, redirect them to a phishing landing page via malicious links embedded in emails, or ask them to open malicious attachments containing malware payloads.
- No one should receive phone calls from a public health agency regarding COVID-19.
- If you are contacted by email by a person or organization that appears to be from WHO, verify their authenticity before responding. You can do that by following the steps detailed below:
- Verify the sender by checking their email address – WHO sender addresses use the firstname.lastname@example.org pattern
- Check the link before clicking – make sure it starts with https://www.who.int
- Be careful when providing personal information – never provide your credentials to third parties, not even WHO
- Do not rush or feel under pressure – don’t fall for tricks designed to pressure you into clicking links or opening attachments
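The two address rules in the list above (a sender address in the organization’s domain, a link that goes to https://www.who.int) are easy to state but easy to get wrong if they are applied as plain string-prefix tests. The following is an added example, not code from WHO, CISA or the article, that implements both rules as parsed-host checks and keeps the literal prefix test alongside only to show where it is fooled. It takes the domain “who.int” from the link rule above; using the same domain for sender addresses is an assumption made for this example, as are all the sample links and addresses, which are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed example, not WHO or CISA code. The two domain rules from the
# list above are implemented as parsed-host checks rather than string-prefix
# checks. "who.int" is taken from the link rule above; using it as the mail
# domain as well is an assumption for this example.
LEGIT_DOMAIN = "who.int"


def _within(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def naive_prefix_check(url):
    """The literal reading of 'starts with https://www.who.int'. Kept only to
    show why it is not enough on its own."""
    return url.strip().startswith("https://www.who.int")


def link_is_legitimate(url):
    """HTTPS and a parsed hostname inside the expected domain.

    urlsplit() yields the real host, so a host that merely begins with the
    expected text, or a URL whose 'www.who.int' part is userinfo before an
    '@' rather than the host, is rejected even though both pass the prefix
    test."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return False
    return _within(parts.hostname, LEGIT_DOMAIN)


def sender_is_legitimate(header_value):
    """Check only the address inside a From: value. The display name is
    deliberately ignored: spoofed mail puts a trusted name in front of an
    unrelated address, so only the part after '@' counts."""
    addr = header_value.strip()
    if addr.endswith(">") and "<" in addr:        # "Display Name <user@host>"
        addr = addr[addr.rfind("<") + 1:-1]
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    return bool(local) and _within(domain, LEGIT_DOMAIN)


def review_message(sender, links):
    """Summarise one message: is the sender address inside the expected
    domain, and which links fail the host check."""
    return {
        "sender_ok": sender_is_legitimate(sender),
        "bad_links": [u for u in links if not link_is_legitimate(u)],
    }


if __name__ == "__main__":
    # Constructed sample values (placeholders, not real campaign data).
    sample_links = [
        "https://www.who.int/emergencies/diseases/novel-coronavirus-2019",
        "https://www.who.int.verify-login.test/safety-measures",   # prefix passes, host does not
        "https://www.who.int@verify-login.test/",                  # 'www.who.int' is userinfo here
        "http://www.who.int/",                                     # not HTTPS
    ]
    for u in sample_links:
        print(f"{u}\n  prefix test: {naive_prefix_check(u)}  host check: {link_is_legitimate(u)}")
    print(review_message("WHO Alerts <alerts@who-int.test>", sample_links))
```

The host check deliberately accepts subdomains of the expected domain and nothing else; if a deployment knows the exact hosts it expects, tightening `_within` to an equality test is the safer choice.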
One phishing campaign using COVID-19 as bait asks potential victims to “go through the attached document on safety measures regarding the spreading of coronavirus.” The victim is asked to download the attachment to their computer by clicking on a “Safety Measures” button that instead redirects them to a compromised site the attackers use as a phishing landing page.
The phishing page loads the WHO website in a frame in the background and displays a pop-up in the foreground asking the targets to verify their email. Once they enter their username and password and click the “Verify” button, their credentials are sent to a server controlled by the attackers, who then redirect them to WHO’s official website.
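The layout just described, a legitimate site framed in the background with a credential form in front that submits elsewhere, is something a content scanner or a browser-side check can look for. The following is an added example, not code from WHO, BleepingComputer or the article: a small heuristic that parses a page, records which hosts its frames load and where each password form submits, and flags the page when it frames the brand’s domain but sends credentials outside it. The sample pages are constructed and reduced to the elements the heuristic inspects, and every host name in them is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


def _within(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


class FrameAndFormScanner(HTMLParser):
    """Record the host of each <iframe src> and, for each <form>, the host
    its action submits to and whether it contains a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.frame_hosts = []
        self.forms = []
        self._form = None

    def _host(self, ref):
        # Relative references resolve against the page URL, so a form with
        # no action submits back to whichever host serves the page.
        return (urlsplit(urljoin(self.page_url, ref)).hostname or "").lower()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.frame_hosts.append(self._host(a["src"]))
        elif tag == "form":
            self._form = {"action_host": self._host(a.get("action") or ""),
                          "has_password": False}
            self.forms.append(self._form)
        elif (tag == "input" and self._form is not None
              and (a.get("type") or "").lower() == "password"):
            self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def find_credential_overlays(html, page_url, brand_domain):
    """Return the submit hosts of password forms on a page that frames
    brand_domain but sends the credentials to a host outside it.
    An empty list means the pattern described above was not seen."""
    scanner = FrameAndFormScanner(page_url)
    scanner.feed(html)
    scanner.close()
    if not any(_within(h, brand_domain) for h in scanner.frame_hosts):
        return []
    return [f["action_host"] for f in scanner.forms
            if f["has_password"] and not _within(f["action_host"], brand_domain)]


# Constructed sample: the layout described in the text, reduced to the
# elements the heuristic looks at. All hosts are placeholders.
OVERLAY_PAGE = """
<html><body>
<iframe src="https://www.who.int/" width="100%" height="100%"></iframe>
<div id="popup">
  <form method="post" action="https://collector.example.test/verify">
    <input name="email"><input type="password" name="password">
    <button>Verify</button>
  </form>
</div>
</body></html>
"""

# Constructed control: an ordinary login form served by, and posting back
# to, the brand's own site. No frame, so nothing is flagged.
BRAND_LOGIN_PAGE = """
<html><body>
<form method="post" action="/login"><input name="user"><input type="password" name="pw"></form>
</body></html>
"""

if __name__ == "__main__":
    print(find_credential_overlays(OVERLAY_PAGE, "https://compromised-host.example.test/docs/", "who.int"))
    print(find_credential_overlays(BRAND_LOGIN_PAGE, "https://www.who.int/login", "who.int"))
```

The heuristic is intentionally narrow: it says nothing about pages that copy the brand’s markup instead of framing it, and a brand that legitimately embeds its own login in a frame on its own domain passes because both hosts fall inside `brand_domain`.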
The U.S. Federal Trade Commission (FTC) also warned about ongoing scam campaigns using the current coronavirus to bait targets from the United States via phishing emails, text messages, and even social media.
Several phishing campaigns using coronavirus lures have been targeting individuals from the United States while impersonating U.S. Centers for Disease Control and Prevention (CDC) officials and virologists, warning of new infections in the victims’ area and providing “safety measures.”
For more information, please read the full article at https://www.bleepingcomputer.com/news/security/world-health-organization-warns-of-coronavirus-phishing-attacks.