Covid-19 Online Scams

Consumer Protection Initiative

FraudWatch is actively targeting all COVID-19 related Online Scams to protect all Internet users from cyber criminals.

The initiative includes 3 parts:
  1. Detection and Take Down of all COVID-19 related Scams
  2. Consumer Education – Show examples of the types of scams cyber criminals are using to help educate consumers. We encourage other websites and news organizations to use the material to educate consumers to prevent them from getting scammed.
  3. Blocklist of known COVID-19 related Fraudulent URL’s – real time updates to be used by ISP’s and other cyber security companies to block consumers from visiting known malicious sites.

Active Scam/Incidents

COVID19 – Malware Drop Zone

COVID19 – Malware Drop Zone

Incident type :Malware http://lahkeblogger.org/Date Found: 23/11/2020
COVID19 – Malware Drop Zone

COVID19 – Malware Drop Zone

Incident type :Malware http://babafingor.net/Date Found: 24/11/2020
COVID19 – Cerberus Android Malware

COVID19 – Cerberus Android Malware

Incident type :Malware http://saglik-akademi-pan-de-mi-destek-gov-tr.ga/Date Found: 24/11/2020

Chronologically listed set of COVID-19 Threat Intelligence data

Supervalu scam free grocery vouchers

Supervalu scam free grocery vouchers

Type : Dark Web MarketplaceDate of intel: 16/04/2020
Observations/Findings:

European grocery Supervalu is being scammed with fake vouchers via whatsapp

Targets: Consumers
‘dread’ chatter regarding 401k accounts

‘dread’ chatter regarding 401k accounts

Type : Dark Web ChatterDate of intel: 09/04/2020
Observations/Findings:

dread cybercriminals discussing hacking peoples 401k accounts.  These accounts are specific to the US regarding their version of superannuation/retirement accounts.

Targets: Consumers
‘dread’ chatter and spreading malware through email

‘dread’ chatter and spreading malware through email

Type : Dark Web ChatterDate of intel: 06/04/2020Targets: Consumers

Scam Consumer Protection

Awareness

As users of the internet and other platforms including social media and mobile applications, it’s always important to be aware of what you’re doing online. Criminals make a living off making scams difficult to spot in order to steal your personal details or your money.

In times of crisis, like the Covid-19 or Coronavirus pandemic that has affected the whole world, the criminals aim to capitalise on you being distracted and in many cases socially isolated at home and away from the protections of your office or business networks.

The basic rules of protecting yourself on the internet and in the age of modern business apply now more than ever:

  1. Don’t click on links in emails when you’re not expecting something from that company OR you do not have a service with that company
  2. Only download mobile applications from reliable App marketplaces
  3. If you receive phone calls from people trying to get you to take action or provide personal or financial information over the phone, always call back a number you can locate and verify for that business and ask to speak with someone directly
  4. If you receive an SMS prompting you to click on a link or take action to provide or verify personal or financial information, always check with the company who has supposedly sent you that message by calling a number and verifying with someone from that business
  5. Try and keep up to date virus and spam protection on your computer and email services.

Examples

A site selling medications that supposedly cure the Coronavirus:

A fake SMS message about free masks in Canada:

A banking malware targeting Spanish victims by offering information about infections near you for a small fee to steal credit card details:

A phishing scam impersonating the World Health Organisation:

An email claiming to provide ‘life saving information’ about the Coronavirus:

Types of Scams

  • Phishing – Probably the number one threat at the moment. Cybercriminals are exploiting the situation to send out emails containing malicious links or attachments supposedly providing information about the Coronavirus, when in fact, they aim to infect PCs or mobile devices with malware. Roughly 100,000 new domains containing the phrase “Coronavirus” were created in the past couple of weeks to facilitate the phishing effort.
  • Malware – Cyber criminals have been using the Coronavirus theme to distribute malware. A lot of them are impersonating health authorities to get users to click a link that contains malware in the form of Trickbot or other trojans.
  • Social Media – As social media networks are gaining much more traffic during this period, they can also be exploited for malicious purposes. Cybercriminals have been exploiting the widespread of social media to create fake content, to scam people for money or personal details.
  • Mobile Apps – Several malicious apps have also been uploaded to app stores (Google Play, Apple Store), mostly disguised as Coronavirus related content. These are not the official apps that some governments published, but ones created by hackers for malicious purposes.
  • Brand Abuse – Incidents in which cybercriminals are impersonating popular brands and organisations in order to con victims have also been reported. In many cases the senders are pretending to be from official organisations, such as the WHO, the CDC, etc.
  • Fake News – A lot of websites and emails have been appearing containing false information regarding the pandemic, supposedly from relevant companies and organisations. These are meant to frighten the public or get people to take actions they wouldn’t otherwise take.
  • SMS / Phone Scam – Similar to the Phishing threat, cybercriminals are calling people or sending SMS messages with COVID-19 related lures, trying to infect devices or again to get people to give away money or personal information

Latest News Articles and Active Scams

Comments are closed.