Coronavirus con artists continue to scam people

Amer Owaida, Security Writer at ESET discusses that the scam machine shows no signs of slowing down, as fraudsters continue to dispense bogus health advice, peddle fake testing kits and issue malware-laced purchase orders.

With the COVID-19 pandemic surging outside, people are hunkering down inside their houses. Companies are shifting to remote work and urging their employees to work from home while cities, even whole countries, are going on lockdown to limit the spread of the virus. Business trips have been halted as travel bans are being issued left and right, and there is a shortage of masks, respirators and hand sanitizers.

Not ones to shy away from making a pretty penny, cybercriminals continue to use the mounting emotional and financial toll of the pandemic to their advantage. Many campaigns target people with fake offers for personal protective equipment and bogus updates on the public health crisis, while businesses are often on the receiving end of faux purchase orders and payment information.

Following up on our previous article dedicated to uncovering scams exploiting coronavirus fears, ESET researchers have shared new examples of campaigns aimed at stealing your personal information or money.

Don’t shoot but verify the messenger
As the situation constantly evolves, people are looking for verified information on how to protect themselves during the COVID-19 pandemic. The best source of such information is the World Health Organization (WHO) or national healthcare organizations, which make ideal targets for fraudsters to impersonate.

An example of their tactics would be to contact you via email asserting that the attachment contains pertinent information to help protect you from the disease. In the specific campaign below, ESET researchers found that the attachment contains a Trojan designed to steal your personal data.

The WHO is very well aware that scammers are impersonating it and preying on people. In an effort to combat these widespread scams, the organization has shared information on its methods of communication as well as examples of official email addresses on its website.

Besides the WHO, cybercriminals have started impersonating the US Centers for Disease Control and Prevention (CDC). The FBI warns against fraudulent emails claiming to come from the CDC and containing malware-infected links and attachments.

Late payments and urgent orders 
As governments worldwide are issuing recommendations and orders daily on how people should adapt to the pandemic, companies are forced to react almost immediately to the developing situation. To limit the spread of the biological virus, companies are shifting to working from home while factories are either ramping up production or limiting their operations depending on the products they manufacture.

Riding on this wave of uncertainty, fraudsters are impersonating company representatives sending out urgent purchase orders for various materials. As some companies may be in desperate need to have at least some kind of revenue, the recipient may just click on the attached file without giving it further thought. In the example of this tactic below, downloading and running the booby-trapped file masquerading as the detailed order leads to the installation of malicious code.

Orders and payments go hand in hand, and late payments are understandable as financial institutions could be affected by the pandemic as well. That’s exactly what the fraudsters are banking on in the next example scam, where they send the recipient a proof of payment so that their supposed order gets taken care of. But similarly to the previous case; instead of a bank statement, the attached file contains a Trojan injector.

Mask off
Another type of scam that is making the rounds concerns products that are in high demand, but whose availability is severely limited. In this case, we’re talking about face masks. A fraudulent website is offering unwitting victims discounted “OxyBreath Pro” face masks. Since face masks are scarce, the outrageous price may still sound like a good deal to some. By purchasing the mask, the victim would be falling for a phishing attack and exposing their sensitive personal data to the fraudsters.

Fake testing kits
The short supply of respirators, masks, hand sanitizers, and other medical supplies has been a boon to criminals. Their despicable business has been booming of late, especially since they are offering fraudulent “corona cures”. Some of them have even started offering either fake or non-existent coronavirus testing kits under the guise of medical officials with the necessary certification for their products. The U.S. Food and Drug Administration (FDA) is cracking down heavily on these sellers and has issued warnings that it has not authorized any tests that could be purchased by people to test themselves.

Law enforcement agencies around the world are aware of these kits and other harmful and fraudulent medical supplies as well and have started to act. A global operation seized US$13 million worth of potentially hazardous pharmaceuticals and identified more than 2,000 links connected to bogus products related to COVID-19.

In summary
These aren’t nearly all the types of scams that are currently circulating, but they can provide a good insight into how cybercriminals operate, especially how they capitalize on the climate of fear sweeping the world.

It is important to keep your guard up, so that you are equally safe from both the raging coronavirus pandemic and the scam epidemic surging through the internet. Here are some tips to keep you protected from the latter:

  • Refrain from clicking on any links or downloading any files sent to you by email from a source that you cannot independently verify or from someone you don’t know
  • If the email is purportedly from an official organization, do your due diligence and check it by going to their official website or contact them through their official channels to verify the veracity of the email
  • Look out for suspicious offers and never order anything from an unverified vendor. If the offer or discount looks too good to be true, it usually is. Always be vigilant and find and evaluate reviews about the vendor
  • Never underestimate the value of a good security endpoint solution that can help you stay safe from phishing attempts, as well as other varieties of cyberthreats.