Skip to main content

Analysis | The Cybersecurity 202: Coronavirus pandemic unleashes unprecedented number of online scams

By Joseph Marks

Pedestrian uses her phone while wearing a face mask in New York. (AP Photo/John Minchillo)
Coronavirus has inspired an unprecedented number of online scams targeting people and businesses – and researchers say the wave of attacks is just getting started. 
The massive volume of cybercriminal activity reflects the overwhelming scope of the pandemic, which has upended every aspect of daily life across the world — from how people seek medical information to how they work, socialize and shop for groceries. The mass uncertainty allows criminals to prey on broad swaths of the global population.
“Spammers and scam artists have never had an opportunity like this before,” said Stephanie “Snow” Carruthers, who leads a team focused on studying phishing at IBM's hacking research division.
“Covid-19 is the first event of its kind since the birth of the Internet. This global pandemic impacts so many different aspects of our lives including physical and financial safety, across geographies for an unpredictable time frame,” she said. And that’s “a perfect lure” for online criminals, she added.
Since at least Hurricane Katrina in 2005, online scammers have piggybacked off major news events to trick people into clicking links they shouldn't and downloading malicious software or sharing personal and credit card information with what they mistakenly believe are legitimate businesses. These days, phishing gangs that normally have a range of other campaigns are now focusing on coronavirus-related scams because the opportunities to profit are so great, experts say.
The figures are staggering. 
Consumer complaints in the United States related to the coronavirus have doubled in the past week to 7,800, according to the Federal Trade Commission
The explosion of scams includes robocalls, texts, and emails posing as government officials or businesses offering refunds for missed vacations or virus-testing kits. The average loss for a consumer duped by one of these scams is nearly $600, the agency reported, which adds up to nearly $5 million nationwide. 
Scammers have posed as legitimate businesses selling coronavirus treatments, charities funneling help to the infected and officials from the Centers for Disease Control and Prevention, the Small Business Administration and the World Health Organization, researchers said.
“The pandemic has led to an explosion of cybercrime, preying upon a population desperate for safety and reassurance,” concluded a report from digital security consulting group Interisle. The report was delivered yesterday to ICANN, an international body that manages many basic Internet functions.
The number of emails that used phony information about the virus to trick people into infecting their phones and computers has increased by 14,000 percent in just two weeks, according to a report from IBM’s X-Force research division.
Palo Alto Networks logged over 100,000 new potentially phony Web domains registered with words includingcovid,” “virus” and “corona” in their names, in just the past few weeks. And that doesn’t count phony sites that claim to sell protective gear such as masks and hand sanitizer.
An analysis of Google data by the firm AtlasVPN found a 350 percent spike over three months in phony websites related to the virus and designed to separate people from their money or personal information.
The Justice Department has taken notice, urging prosecutors to prioritize scammers selling phony medical equipment and snake- oil cures. The department brought its first criminal fraud case against such a scammer last week — a Southern California man who sold pills to an undercover agent that he claimed could prevent people becoming infected with the virus. He also falsely claimed that former basketball star Magic Johnson was on his board of directors.
But the vast majority of scammers are unlikely to face any consequences. And their scams probably are still proliferating, experts told me. 
Predictions about the long duration of the pandemic, expected to last at least several months, is also likely spurring phishing gangs to invest in developing more elaborate scams, such as posing as medical suppliers and conning hospitals and clinics into buying nonexistent goods from them, said Peter Cassidy, co-founder of the Anti-Phishing Working Group.
“That kind of business-to-business scam takes a lot more sophistication and patience, and this event gives them copious time to develop attacks like that,” he told me.
By contrast, during Hurricane Katrina, online scammers spent only a few weeks targeting people with phony warnings from government agencies and pleas from charities — hardly enough time to develop complex operations backed by legitimate-looking websites, Cassidy said.
The two big lessons, he said, are that cybercriminals will exploit any event they can make a buck off – and that consumers and businesses had better beware.
“It’s sad we have to be suspicious of our own impulse to act humanely and to aid public health, but that’s what they exploit," he told me. "[The virus] is just another story to [the scammers] and it’s a story that works. They’ll discard it the moment it stops working.”
You are reading The Cybersecurity 202, our must-read newsletter on cybersecurity policy news.
Not a regular subscriber?


Zoom CEO Eric Yuan attends the opening bell at Nasdaq as his company holds its IPO in New York. (Mark Lennihan/AP)
PINGED: Sen. Richard Blumenthal (D-Conn.) wants to know what videoconferencing company Zoom is doing about a rise in reports of hackers hijacking private meetings to share hateful language and illicit images, according to a letter to CEO Eric Yuan. The attacks, known as Zoombombing, have risen sharply as the company's software has surged in popularity during the pandemic.
The FBI also issued a bulletin about the attacks yesterday, citing several instances where cybercriminals have dropped in on virtual classrooms to share pornographic or hateful content, as my colleague Valerie Strauss reports.
Researchers have also raised numerous other security and privacy concerns about the videoconferencing service that Warner cited in his letter. For instance, the company's encryption may not be as strong as its marketing implies, Micah Lee and Yael Grauer report for the Intercept. The company also leaked the personal information of at least 1,000 users to other users who had the same personal email domain, Joseph Cox at Motherboard reported,
“The millions of Americans now unexpectedly attending school, celebrating birthdays, seeking medical help, and sharing evening drinks with friends over Zoom during the Coronavirus pandemic should not have to add privacy and cybersecurity fears to their ever-growing list of worries,” Blumenthal wrote.
Zoom Chief Marketing Officer Janine Pelosi said in a statement that the company condemns the behavior described in Blumenthal's letter. “Zoom takes its users’ privacy, security, and trust extremely seriously,” she said. “We appreciate Senator Blumenthal's engagement on these issues and look forward to discussing with his office.”

FPaid volunteers,help sort absentee ballots. (Rick Wood/Milwaukee Journal-Sentinel via AP)
PATCHED: Wisconsin, which is moving forward with its primary election next week, could be a test case for the supreme difficulties of voting during the pandemic, my colleague Amy Gardner reports.
Officials there have urged residents to vote by mail if they fear going to the polls, but advocates worry many voters will be unable to navigate the unfamiliar and complex process. Many polling places, meanwhile, will be shuttered or lack adequate staff, which could create a bevy of technical failures or security lapses.
“Wisconsin is the only one of the 11 states originally scheduled to hold contests in April that has not postponed or dramatically altered voting amid the pandemic,” Amy notes.
“We do not have the technical capacity to actually run a vote from home campaign in the state of Wisconsin, where every voter could actually get an absentee ballot, know how to vote that absentee ballot and participate in the election,” said Debra Cronmiller, executive director of the state chapter of the League of Women Voters, which is among the plaintiffs in three federal lawsuits that are seeking a variety of remedies, including postponing the elections.

The Huawei logo. (Fred Dufour/AFP/Getty Images)
PWNED: The U.S. government should expect retaliation from Beijing if it goes through with a proposal to further restrict the Chinese telecom Huawei's access to U.S. suppliers, the chairman of the company said.
“I think the Chinese government will not just stand by, watching Huawei be slaughtered,” Huawei Chairman Eric Xu said Tuesday, as reported by Dan Strumpf of the Wall Street Journal. “I believe the Chinese government may also take some countermeasures.”
The White House is mulling trying to weaken the Chinese tech giant by forcing its main chip suppliers to seek U.S.  approval before selling Huawei any technology made with equipment sourced from the United States.
The United States has already blacklisted Huawei from buying from U.S. companies directly and barred the company from building its next-generation 5G wireless networks over spying fears. Officials have also spent more than a year trying to convince foreign powers that they should ban Huawei from their emerging 5G networks but with limited success. Huawei has steadfastly denied aiding Beijing spying .


A Portland, Ore., Marriott. (Rick Bowmer/AP)
Hackers may have accessed the names, phone numbers, addresses and other personal information of approximately 5.2 million Marriott guests in a data breach, the company revealed yesterday, Dee-Ann Durbin at the Associated Press reports. It's the second major data breach to hit the hotel chain in less than two years. 
Marriott does not believe that the breach, which took place between January and February, involved guests’ credit card information, passport numbers or driver's licenses. The company says it disabled the accounts hackers used to access the information and is working with authorities.
Government investigators suspect an earlier breach at the hotel chain that affected up to 500 million guests may have been part of a Chinese espionage effort to gather massive troves of data about U.S. citizens, but the government never formally blamed China for the hack.
— More cybersecurity news from the private sector:

As brick and mortars close due to the novel coronavirus, thieves have increasingly targeted digital checkout.

Houseparty was swift to deny the reports and even go so far as to claim — without evidence — it was investigating indications that the “breach” was a “paid commercial smear to harm Houseparty,” offering a $1 million reward to whoever could prove its theory.


Cybersecurity news from the public sector:

The inspector general issued a memorandum alerting officials of widespread problems in FISA applications.
Devlin Barrett and Ellen Nakashima

Virtual efforts by advocacy groups, states and the Census Bureau aim to encourage participation in the 2020 census by the millions of Americans who are typically hard to count.
Wall Street Journal

Speaker Nancy Pelosi (D-Calif.) and more than 50 state Democratic officials advocated strongly on Tuesday for Congress to give states more funding to support mail-in and absentee voting efforts as part of the next c
The Hill


British Prime Minister Boris Johnson evidently didn't get the memo about Zoom. He tweeted out an image of a cabinet meeting hosted on the platform that included his meeting number. Journalist Kevin Collier points out the security risks:
I don't want to be the one to try it, but does anyone know what happens if you try to brute force a password-protected Zoom meeting?
— Kevin Collier (@kevincollier) March 31, 2020


  • CyberHub USA is hosting a free virual summit: Security During Social Distancing on Thursday. You can register here.


Popular posts from this blog

Analysis | The Cybersecurity 202: How the shutdown could make it harder for the government to retain cybersecurity talent

By Joseph Marks 13-17 minutes THE KEY President Trump delivers an address about border security amid a partial government shutdown on Jan. 8. (Carolyn Kaster/AP) The partial government shutdown that's now in its 18th day is putting key cyber policy priorities on hold and leaving vital operations to a bare bones staff. But the far greater long-term danger may be the blow to government cyber defenders' morale, former officials warn. With the prospect of better pay and greater job security in the private sector, more government cyber operators are likely to decamp to industry, those former officials tell me, and the smartest cybersecurity graduates will look to industry rather than government to hone their skills. That’s especially dangerous, they say, considering the government’s struggle to recruit and retain skilled workers amid a nationwide shortage of cybersecurity talent. About 20 percent of staffers are furloughed at the De

Democrats call for investigation into Trump’s iPhone use after a report that China is listening:Analysis | The Daily 202 I The Washington Post. By James Hohmann _________________________________________________________________________________ President Trump and Chinese President Xi Jinping visit the Great Hall of the People in Beijing last November. (Andrew Harnik/AP) With Breanne Deppisch and Joanie Greve THE BIG IDEA: If Democrats win the House in two weeks, it’s a safe bet that one of the oversight hearings they schedule for early next year would focus on President Trump’s use of unsecured cellphones. The matter would not likely be pursued with anywhere near the gusto that congressional Republicans investigated Hillary Clinton’s use of a private email server during her time as secretary of state. Leaders of the minority party have higher priorities . But Democratic lawmakers made clear Thursday morning that they will not ignore a New York Times report that Trump has refused to stop using iPhones in the White House, despite repeated warnings from U.S. intelligence offici

RTTNews: Morning Market Briefing.-Weekly Jobless Claims Edge Down To 444,000. May 13th 2010

Morning Market Briefing Thu May 13 09:01 2010   Commentary May 13, 2010 Stocks Poised For Lackluster Open Amid Mixed Market Sentiment - U.S. Commentary Stocks are on pace for a mixed start to Thursday's session, as a mostly upbeat jobs report continued to relieve the markets while some consternation regarding the European debt crisis remained on traders' minds. The major index futures are little changed, with the Dow futures down by 4 points. Full Article Economic News May 13, 2010 Weekly Jobless Claims Edge Down To 444,000 First-time claims for unemployment benefits showed another modest decrease in the week ended May 8th, according to a report released by the Labor Department on Thursday, although the number of claims exceeded estimates due to an upward revision to the previous week's data. Full Article May 13, 2010 Malaysia's Decade High Growth Triggers Policy Tightening Malaysia's economy grew at the fastest pace in a decade in