COVID-19: Fraud & Scam Info

5/5/20: A new trend of sophisticated phishing methods via email spotted amid COVID-19 pandemic. The new Coronavirus has recently added to the bad intentions of hackers by developing a new trend of sophisticated phishing methods via email. Email messages may require users to open an attachment to view the latest statistics. If a user clicks on the attached attachment link, they are likely to download malicious software to their mobile device or computer, tablet laptop, etc. (Double-check the authenticity of any incoming email messages) - CyberNationalSecurity

4/30/20:  The FBI Internet Crime Complaint Center (IC3) issued an alert late last week to warn people of fake emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other healthcare organizations, pretending to share information about the virus. Officials advise not to open attachments or click links in these emails, and to be wary of websites and apps that claim to track COVID-19 cases. Criminals are using such websites to infect and lock computers. - FBI

4-29-20: Fake FedEx and UPS delivery issues used in COVID-19 phishing scams. Researchers are seeing a new wave of phishing scams that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL. One of the emails pretending to be from FedEx, states that due to the Coronavirus "lock-down", a package is being held at the warehouse. They then prompt the user to click on a phishing link to reschedule for pick up. In emails seen by Kaspersky, attackers are pretending to be from UPS customer service and state that a package is being held for pick up due to the Coronavirus outbreak. The recipient is then prompted to open the attachment to see instructions on how to pick up the package. You should never open attachments in emails from shipping or delivery services and should instead login directly on the carrier's web site to check for any possible shipping issues. - Kaspersky

4/28/20: Remain alert for scams related to COVID-19. Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.- CISA

4/27/20: "Malicious cyber actors are adjusting their tactics to exploit the COVID-19 pandemic, and the Nation Cyber Security Centre, NCSC is working round the clock with its partners to respond," says Paul Chichester, director of operations at the NCSC. "We urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding COVID-19," - NCSC

4/24/20: Malware gangs are now regularly using coronavirus email lures to trick users into downloading malware, and even state-sponsored hacking groups have jumped on the trend and adopted similar tactics. This new trend/practice has become so obvious that the UK National Cyber Security Center (NCSC) felt obliged to send out a security alert on Monday about the rise in Coronavirus-related email phishing campaigns. Double-check the authenticity of any incoming email messages.4/24/20: Malware gangs are now regularly using Coronavirus email lures to trick users into downloading malware, and even state-sponsored hacking groups have jumped on the trend and adopted similar tactics. This new trend/practice has become so obvious that the UK National Cyber Security Center (NCSC) felt obliged to send out a security alert on Monday about the rise in Coronavirus-related email phishing campaigns. Double-check the authenticity of any incoming email messages.

4/23/20: Every day, Gmail blocks more than 100 million phishing emails. During the last week, Google saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. The phishing attacks and scams that Google is seeing use both fear and financial incentives to create urgency to try to prompt users to respond. Double-check the authenticity of any incoming email messages, especially if it has anything to do with COVID-19. - Google

4/22/20: Beware of COVID-19 emails being used to distribute malicious attachments. Recently these emails have been targetting medical providers. The emails are using exploited Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables. These files could be used to install ransomware. spyware or virus. Double-check the authenticity of any incoming messages, emails, or phone calls. – FBI

4/21/20: Cybercriminals continue to exploit the spread of COVID-19 are are targetting victims through spear-phishing e-mails. These criminals continue using a variety of COVID-19-themes to target individuals and organizations, including requests for donations, updates on virus transmissions, safety measures, tax refunds, and fake vaccines. Recent statistics show that cyber-attacks are up over 37% since last month and phishing attempts have jumped by 600% since the beginning of March, all due to COVID-19. Double-check the authenticity of any incoming messages, emails or phone calls.

4/20/20: U.S. Federal Trade Commission (FTC) reported that, from January 1 through April 15, U.S. consumers registered 18,257 complaints related to the Coronavirus, over 10,000 of which were reports of fraud. According to the FTC, 46% of the fraud victims reported a consequential financial loss, totaling $13.44 million. The median fraud loss per person was $557. Double-check the authenticity of any incoming messages, emails or phone calls. - FTC

4/17/2020: The U.S. Department of Homeland Security issued an alert warning that cybercriminals are increasingly exploiting the COVID-19 pandemic to target individuals, small and medium businesses and large organizations. “In several examples, actors send phishing emails that contain links to a fake email login page,” the alert said. “Other emails purport to be from an organization’s human resources department and advise the employee to open the attachment.” Although most phishing attempts come by email, the National Cyber Security Centre has observed some attempts to carry out phishing by other means including text messages. “Individuals and organizations should remain alert to increased activity relating to COVID-19 and take proactive steps to protect themselves.” - DHS

4-16-20: The Internal Revenue Service (IRS) also issued a warning regarding a surge in Coronavirus-related scams over email, social media, and phone calls, with the fraudsters requesting personal info while using economic impact payments as a lure. Yesterday, the FTC said that $12.78 million were lost to Coronavirus-related scams according to consumer complaints received since the start of 2020. Consumers reported 16,778 fraud incidents so far, with roughly 46.3% of fraud complaints also reporting a loss, with a median loss of $570 per incident. Victims of COVID-19 fraud attempts should immediately report them via the National Center for Disaster Fraud Hotline at (866) 720-5721, by emailing [email protected], or by reaching out to the FBI (visit ic3.gov, tips.fbi.gov, or call 1-800-CALL-FBI). - IRS

4/15/20: Homeland Security - CISA Cyber-Infrastructure have observed a large volume of phishing campaigns that use the social engineering techniques described above. Examples of phishing email subject lines include:"2020 Coronavirus Updates", "Coronavirus Updates", "2019-nCov:New confirmed cases in your City", and "2019-nCov: Coronavirus outbreak in your city (Emergency)". These emails contain a call to action, encouraging the victim to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information. Double-check the authenticity of any incoming messages, emails or phone calls. - DHS

4/14/20:  Beware of phony SBA Grant Offer. They appear via an email, text or caller ID appears to be from the U.S. Small Business Administration or an attorney representing the SBA. The “SBA” is offering grants just for small businesses affected by the Coronavirus outbreak. The application looks simple and may involve completing a short form requesting banking and business information. After being approved, the business owner is asked to pay a “processing fee” up to a couple thousand dollars. There is no such thing as a "free" government grant. If you have to pay money to claim a "free" government grant, it is not really free. A real government agency will not ask you to pay an advanced processing fee. To avoid these scams, always look for a website that ends in .gov or .ca: Legitimate government entities will have websites and emails that end with .gov such as SBA.gov. - BBB

4/13/20:  Beware of fake COVID-19-themed emails from President Trump. Researchers have spotted two phishing emails purportedly coming from the White House, “signed” by President Trump. Both include a link to a compromised website that served a nearly perfect replica of the real White House Coronavirus informational site. The victims are urged to download and peruse the document. Double-check the authenticity of any incoming messages, emails or phone calls. – FBI

4-10-20: "Cybercriminals and advanced persistent threat groups are ramping up exploitation of the COVID-19 pandemic in their malicious operations. Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the Coronavirus pandemic in order to persuade potential victims in order to persuade potential victims to click or download an infected attachment.” - CISA

4-9-2020: “A rare joint alert has gone out from U.S. and U.K. agencies about COVID-19 scams, revealing a list of 2,500 Coronavirus-themed threats they’re tracking. Not only did they warn about a rise in videoconferencing hijacking (often referred to as Zoom-bombing), but also about phishing emails that included malicious files appearing to provide dial-in details.
 
What to look out for:

The NCSC recommended individuals look out for red flags when opening Coronavirus-themed emails and text messages that contain links to such websites. In particular, the NCSC said people should look at four factors:

Authority – Is the sender claiming to be from someone official (e.g., your bank or doctor, a lawyer, a government agency)? Criminals often pretend to be important people or organizations to trick you into doing what they want.
Urgency – Are you told you have a limited time to respond (e.g., in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
Emotion – Does the message make you panic, fearful, hopeful, or curious? Criminals often use threatening language, make false claims of support, or attempt to tease you into wanting to find out more.
Scarcity – Is the message offering something in short supply (e.g., concert tickets, money, or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.”
-DHS, NCSC

4-8-20: CISA and NCSC have both observed a large volume of phishing campaigns that use the social engineering techniques described above. Examples of phishing email subject lines include: 2020 Coronavirus Updates, Coronavirus Updates, 2019-nCov: New confirmed cases in your City, and 2019-nCov: Coronavirus outbreak in your city (Emergency). These emails contain a call to action, encouraging the victim to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information. Double-check the authenticity of any incoming messages, emails or phone calls.
- CISA, Cyber-Infrastructure

4-7-20: The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom platform). Many organizations and individuals are increasingly dependent on these platforms, such as Zoom and Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room. - FBI

4-6-20:  The US FTC has issued a warning regarding new COVID-19 themed scams; the agency advised the public to protect their computers and their phones by using security software and installing updates. FTC urges multifactor authentication and creating backups to protect against data loss. The agency also warned consumers to watch out for digital vendors who promise to supply hard-to-obtain items, take payment and then never deliver. - FTC

4/3/20: The U.S. Secret Service has received information regarding individuals receiving emails disguised as coming from a hospital that inform the recipient they may have come in contact with an individual who tested positive for COVID-19. The email instructs the recipient to download an attached Excel file, complete a form, and bring it to the nearest emergency clinic to be tested. The attachment is infected with malware. Double-check the authenticity of any incoming messages, emails or phone calls. - USSS

4.2.20 - US Secret Service has issued an alert warning fraudsters are exploiting COVID-19 relief and stimulus package. USSS has observed a rise in stimulus relief fraud over the past several days and expect the fraud attempts to continue throughout the pandemic.

Criminal actors are using spoofed email addresses posing as US Treasury officials requesting the victim provide PII to receive their share of the stimulus. Criminals are contacting potential victims via SMS/text, robocalls, and other messaging platforms, sending links which prompt victims to enter PII and other sensitive information, such as bank account numbers, email, and passwords.

The US Internal Revenue Service is aware of email phishing scams that mimic IRS and include a link to a bogus web site. These emails contain the direction “you are to update your IRS e-file immediately.” The emails mention USA.gov and IRSgov (without a dot between "IRS" and "gov"), though notably, not IRS.gov (with a dot). - USSS

4.1.20: Beware of scammers who play up federal stimulus checks. Consumers in multiple states are reporting that they've received phishing emails, that include phony websites that look official. The scammers are demanding that potential victims provide PayPal, bank account or other financial information to get a much-talked-about stimulus check that is part of the federal economic relief package. Double-check the authenticity of any incoming messages, emails or phone calls. – FBI

3.31.20: COVID-19 phishing campaigns from threat actors are delivering various malicious payloads to leverage pandemic fears. Many of the attachments observed in association with COVID-19 phishing emails use VBA macros as an initial part of the infection. As with all phishing attacks, it is recommended that users disable macros in Microsoft Office for users that do not require it. - FS-ISAC​

3.30.20: The FBI has received reports of several packages containing items including a USB device sent to US businesses in the retail, restaurant, and hotel industry. When plugged into a target system it executes malware. Packages with the USB device may include other items such as teddy bears, gift cards, and other miscellaneous items. Do not plug in any unknown USB devices to any computer system. - FBI

3.26.2020: FBI's Internet Crime Complaint Center (IC3) warned of an ongoing phishing campaign delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims. - FBI
        
3.26.2020: Fraudsters have reportedly used coronavirus as a new tactic in scam robocalls in the US. These calls have attempted to defraud victims by claiming to sell “at home testing kits” or claiming that they can receive their government stimulus funds early if they provide credit or debit card information. - FBI

3.20.2020: Over the past several weeks, there has been a significant increase in malicious email activity surrounding the Coronavirus. Several security organizations have seen emails containing documents with guidance from HR departments, to emails from distribution companies selling masks, gloves, and other protective equipment that contain suspicious links.

Here are some of the phishing methods actively used right now to infect computers:

• One attack that uses social engineering techniques to masquerade as the Public Health organizations, along with impersonating the WHO trademark as a decoy to lure unsuspecting users into opening a malicious Word Doc file.
• In another recently observed Coronavirus-themed spear-phishing attack. The email tries to compel the reader into opening an attached document, which was observed to have several attachments, all use the same nomenclature (f216785352XX.doc). 
• Another email suggests that Coronavirus cases in the reader’s region have been documented and that the reader should urgently open the attachment for further guidance. The contents of the Word document try to compel the user into enabling macros with an official Office looking template that uses the familiar Microsoft Word trade dress color of blue.
• One of the samples used the email subject “Corona Virus Latest Updates” and claimed to come from the Ministry of Health. It contained recommendations on how to prevent infection and came with an attachment that supposedly contains the latest updates on COVID-19 but actually carried malware.
• Many spam emails are related to shipping transactions, either postponement due to the spread of the disease or one that provides a shipping update. One email concerning shipping postponement, supposedly containing the details of the new shipping schedule, bears malware.”

Encourage your employees to be on alert and be diligent when opening emails and emails with attachments!