Scammers are targeting what we need most

May 14 2020
Simone Caron, IFPC

Week 4 of isolation felt as if society had been brought to a halt, keeping our sanity intact using video calls and taking a walk around the block, relishing the fresh air.

Although the mantra of 2020 has become “getting used to the new normal”, we can't escape the fact that there is nothing normal about crossing the road to avoid coming into contact with children or queuing just to get into a nearly empty grocery store. However, this hasn't slowed down cyber criminals as they consistently find new ways to exploit society as we settle into a “routine” of sorts. Cyber security company, Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks detected a month earlier.

Although Zoom became the hub of work meetings, social gathering and school lessons, it also put people’s data and privacy at risk. A trend dubbed “Zoombombing” started as a school prank, soon became very malicious as hackers harass and spread hate speech over meetings. The New York Times conducted an investigation and found 153 Instagram accounts, dozens of Twitter accounts and private chats, and several active message boards on Reddit and 4Chan organising Zoom harassment campaigns and sharing meeting passwords. The lack of security on Zoom has resulted in multiple lawsuits and schools moving online lessons to alternate platforms.

Scammers are now claiming to sell fraudulent COVID19 tests online as well as spreading smshing scams with malicious links to “mandatory COVID tests”. Authorities have wanted that there are no online tests and people shouldn't click on any messages claiming to come from the CDC or WHO advertising online tests or selling personal protection equipment. The Better Business Bureauadvises people to take the following precautions:

1. Ignore instructions to text "STOP" or "NO" to prevent future texts; this is a common ploy by scammers to confirm they have a real, active phone number
2. If you think your text message is real, be sure it's directing you to a web address ending in ".gov" or ".ca", not ".com"
3. Check for look-alikes by doing your research to see if a government agency or organization exists; find contact info on your own and call them to be sure the text message if legitimate

Cyber criminals have moved onto targeting employees on the front line including the WHO, various hospitals and researchers suggest that this is not the end of the attack on the healthcare system - urging companies to do everything necessary to improve their cyber security. In the U.S., Bill Siegel, chief executive officer of cyber security company Coveware, said he has worked with about a half dozen health-care providers that have already been hit with ransomware during the Covid-19 crisis.

We see it as our duty to keep you informed of these scams taking advantage of the vulnerable and overwhelmed. Subscribe to our newsletter to stay informed.

Covid19, PPE, pandemic, scams, fraud