By Joseph Marks
Pedestrian uses her phone while wearing a face mask in New York.
The massive volume of
“Spammers and scam artists have never had an opportunity like this before,” said Stephanie “Snow” Carruthers, who leads a team focused on studying phishing at IBM's hacking research division.
“Covid-19 is the first event of its kind since the birth of the Internet. This global pandemic impacts so many different aspects of our
Since at least Hurricane Katrina in 2005, online scammers have piggybacked off major news events to trick people into clicking links they shouldn't and downloading malicious software or sharing personal and credit card information with what they mistakenly believe are legitimate businesses. These days, phishing gangs that normally have a range of other campaigns are now focusing on
The figures are staggering.
Consumer complaints in the United States related to the
The explosion of scams includes
“The pandemic has led to an explosion of cybercrime, preying upon a population desperate for safety and reassurance,” concluded a report from digital security consulting group Interisle. The report was delivered yesterday to ICANN, an international body that manages many basic Internet functions.
The number of emails that used phony information about the virus to trick people into infecting their phones and computers has increased by 14,000 percent in just two weeks, according to a report from IBM’s X-Force research division.
Palo Alto Networks logged over 100,000
An analysis of Google data by the firm AtlasVPN found a 350 percent spike over three months in phony websites related to the virus and designed to separate people from their money or personal information.
The Justice Department has taken notice, urging prosecutors to prioritize scammers selling phony medical equipment and snake- oil cures. The department brought its first criminal fraud case against such a scammer last week — a Southern California man who sold pills to an undercover agent that he claimed could prevent people becoming infected with the virus. He also falsely claimed that former basketball star Magic Johnson was on his board of directors.
But the vast majority of scammers are unlikely to face any consequences. And their scams probably are still proliferating, experts told me.
Predictions about the long duration of the pandemic, expected to last at least several months, is also likely spurring phishing gangs to invest in developing more elaborate scams, such as posing as medical suppliers and conning hospitals and clinics into buying nonexistent goods from them, said Peter Cassidy, co-founder of the Anti-Phishing Working Group.
“That kind of business-to-business scam takes a lot more sophistication and patience, and this event gives them copious time to develop attacks like that,” he told me.
By contrast, during Hurricane Katrina, online scammers spent only a few weeks targeting people with phony warnings from government agencies and pleas from charities — hardly enough time to develop complex operations backed by legitimate-looking websites, Cassidy said.
The two big lessons, he said, are that
“It’s sad we have to be suspicious of our own impulse to act humanely and to aid public health, but that’s what they exploit," he told me. "[The virus] is just another story to [the scammers] and it’s a story that works. They’ll discard it the moment it stops working.”
PINGED, PATCHED, PWNED
Zoom CEO Eric Yuan attends the opening bell at Nasdaq as his company holds its IPO in New York.
The FBI also issued a bulletin about the attacks yesterday, citing several instances where
Researchers have also raised numerous other security and privacy concerns about the
“The millions of Americans
Zoom Chief Marketing Officer Janine Pelosi said in a statement that the company condemns the behavior described in Blumenthal's letter. “Zoom takes its users’ privacy, security, and trust extremely seriously,” she said. “We appreciate Senator Blumenthal's engagement on these issues and look forward to discussing with his office.”
Officials there have urged residents to vote by mail if they fear going to the polls, but advocates worry many voters will be unable to navigate the unfamiliar and complex process. Many polling places, meanwhile, will be shuttered or lack adequate staff, which could create a bevy of technical failures or security lapses.
“Wisconsin is the only one of the 11 states originally scheduled to hold contests in April that has not postponed or dramatically altered voting amid the pandemic,” Amy notes.
“We do not have the technical capacity to actually run a vote from home campaign in the state of Wisconsin, where every voter could actually get an absentee ballot, know how to vote that absentee ballot and participate in the election,” said Debra Cronmiller, executive director of the state chapter of the League of Women Voters, which is among the plaintiffs in three federal lawsuits that are seeking a variety of remedies, including postponing the elections.
The Huawei logo.
“I think the Chinese government will not just stand by, watching Huawei be slaughtered,” Huawei Chairman Eric Xu said Tuesday, as reported by Dan Strumpf
The White House is mulling trying to weaken the Chinese tech giant by forcing its main chip suppliers to seek U.S.
The United States
Marriott does not believe that the breach, which took place between January and February, involved guests’ credit card information, passport numbers or driver's licenses. The company says
Government investigators suspect an earlier breach at the hotel chain that affected up to 500 million guests may have been part of a Chinese espionage effort to gather massive troves of data about U.S.
CHAT ROOMBritish Prime Minister Boris Johnson evidently didn't get the memo about Zoom. He tweeted out an image of a cabinet meeting hosted on the platform — that included his meeting number. Journalist Kevin Collier points out the security risks:
I don't want to be the one to try it, but does anyone know what happens if you try to brute force a password-protected Zoom meeting?— Kevin Collier (@kevincollier) March 31, 2020
CyberHubUSA is hosting a free virualsummit: Security During Social Distancing on Thursday. You can register here.