Situational Awareness – Coronavirus Scam Developments, and Score a Couple for the Good Guys

An SRU would not be complete these days without highlights of coronavirus-related cyber activity. Today, we bring you another COVID-19 Key Developments from risk intelligence organization Flashpoint, including government responses, law enforcement actions, cybercrime activity related to coronavirus, and trends in mis/disinformation.

The Unit 42 researchers at cybersecurity firm Palo Alto Networks published experiential evidence on how cyber criminals are preying on the COVID-19 pandemic, specifically on the immense volume of coronavirus-related Google searches. The research determined the traditional malice abusing coronavirus trends includes domains hosting malware, phishing sites, fraudulent sites, malvertising, cryptomining, and black hat Search Engine Optimization (SEO) for improving search rankings of unethical websites. Additionally, although many webshops that use newly registered domains try to scam users, Unit 42 detected an especially unethical cluster of domains capitalizing on users’ fear of coronavirus to further frighten them into buying their products. One thing is for sure, the study confirms what we have known all along – cyber threat actors have no ethics and will not miss an opportunity, no matter how tragic.

In another study, IBM’s Security Intelligence and Morning Consult conducted a survey on the effectiveness of COVID-19 phishing attempts against U.S. residents. Alarmingly, the survey revealed that messages impersonating the IRS are not raising any red flags with users. However, unsurprisingly, stimulus checks and COVID-19 testing are the most enticing lures. Ultimately, the survey revealed the need to strengthen users’ understanding of the legitimate channels that government institutions use to communicate with constituents. To help staff avoid falling for coronavirus-related scams, remind them:

• to use trusted sources when looking for information – navigate directly to the website, do not click on links
• do not open unsolicited attachments, EVER
• to trust but verify – tell them to expect everything COVID-related is a scam
• the IRS will never send an email – visit IRS.gov to address any questions

For more details on why these scams are so successful, visit Security Intelligence

Not all developments are doom and gloom. The good guys have had some success recently, and that is a confirmation that reporting scams, particularly to IC3.gov DOES work! Federal authorities announced today that an ongoing cooperative effort between law enforcement and a number of private-sector companies, including multiple internet domain providers and registrars, has disrupted hundreds of internet domains used to exploit the COVID-19 pandemic to commit fraud and other crimes. As of April 21, 2020, the FBI’s Internet Crime Complaint Center (IC3) has received and reviewed more than 3,600 complaints related to COVID-19 scams, many of which operated from websites that advertised fake vaccines and cures, operated fraudulent charity drives, delivered malware, or hosted various other types of scams. Read the notification at the Department of Justice

In another feel-good story, ZDNet has posted an article on how the Mobile industry, banks and NCSC are collaborating on SMS SenderID Protection Registry, which has already stopped at least 70 COVID-19 SMS scams from being sent.