Pages

Search This Blog

Translate

Search Tool




Aug 24, 2020

Analysis | The Cybersecurity 202: Coronavirus crisis spawned more scams than any other event in the last decade


Joseph Marks


The pandemic has prompted more than 170,000 complaints for scams related to everything from masks, face shields and miracle cures to government stimulus payments and unemployment, according to data compiled by the Federal Trade Commission.
“When we track things like natural disasters, we get thousands of complaints. Not tens of thousands but thousands. So, this is far, far bigger,” Monica Vaca, associate director for the Federal Trade Commission's division of consumer response and operations, which collects consumer fraud complaints, told me.
Since January, coronavirus-related scams have made up about 8 percent of all fraud complaints forwarded to the FTC from numerous law enforcement agencies and consumer groups. In recent months, that percentage has grown closer to 12 percent. (People can report a coronavirus-related scam here.)
The data includes scams conducted online, by phone and by other methods, and those that are aimed at stealing money directly from consumers as well as those aimed at gathering personal information so scammers can steal victims’ identities, file phony tax returns or apply for other government benefits.
And the scams are paying off. So far, consumers have reported losing more than $114 million to coronavirus fraud, according to FTC data.
“When fraudsters figure out what's working and what's lucrative, they tend to pour a lot of energy into it,” Vaca said. “But even [fraud associated with] things like hurricanes and natural disasters tends to be short lived. They’re far smaller in scope than what we’ve seen with the pandemic.”

Hackers are creating coronavirus-related phishing scams that will load up people's computers with malware.

That doesn’t mean more people are conducting scams or sending phishing emails. But it does mean that if scammers are looking to current events to spark victims’ interest, there’s basically one game in town, Craig Williams, director of outreach at Cisco’s Talos cybersecurity threat-tracking division, told me.
“Every human on Earth now has one thing in common, something that will make them click on a [malicious] attachment or a link, and bad guys realize that,” Williams said.
The same threat actors and malware families that we observed prior to the crisis are largely pursuing the same objectives as before the crisis, using many of the same tools. They are simply now leveraging the crisis as a means of social engineering,” Kelli Vanderlee, manager of analysis at the cybersecurity company FireEye’s Mandiant Threat Intelligence unit, told me in an email.

It’s not clear how long the surge of coronavirus scams will continue. 

The number of such  scams reported to the FTC grew from about 18,000 in March to a peak of nearly 40,000 in April and May. That dipped to about 35,000 in June and 30,000 in July.
But scam watchers fear the numbers could rebound if people who’ve lost their jobs or are working reduced hours during the pandemic become more desperate. That could make them more likely to fall for scams about job opportunities and government assistance.
And things are likely to get worse with no end to the pandemic in sight, and Democrats and Republicans in Washington deadlocked on plans to offer additional relief.
“I’m…concerned that the July number is going to be a blip unless we get some [more] stimulus money out the door,” said John Breyault, vice president for public policy for telecommunications and fraud at the National Consumer League. “Without an eviction moratorium, people are going to get desperate for housing. Those could return us to the levels we’re seeing in March, April, May. That creates a huge new pool of potential victims for the scammers.”

The scope of coronavirus scams also demonstrates how broadly the pandemic has affected people’s lives. 

The largest category of complaints relates to online shopping for virus-related supplies, such as masks.
But the second-largest category is about travel scams — mostly preying on people who are trying to recoup money from canceled trips rather than trying to sell them fake dream vacations. “Those complaints really aren’t about the kinds of travel scams we’re used to seeing at all,” Vaca said.
In the category of health scams, in addition to hawking phony drugs, scammers are also offering to help people recoup money from gym memberships they’re still paying for but haven’t been able to use during shutdowns.
Interestingly, there has been a sharp decrease in phone scams that involve talking to live humans, including those that involve impersonating representatives from the IRS, Social Security Administration and other government agencies to trick people into revealing personal and financial information. Those sorts of scams were surging before the pandemic.
One likely reason for the decrease: Phone bank-like operations where those calls were coming from have shut down during the pandemic.

If there’s anything that compares to the coronavirus in terms of the scale and duration of scams, it’s probably the 2009 financial crisis. 

The FTC retains scam data for only five years, so it’s impossible to do an apples-to-apples comparison. But the crisis sparked a similarly wide array of scams that lasted for a similarly long period, Vaca told me.
And, if the financial crisis is a model, we can expect the pandemic to lead to years of litigation trying to shut down scams and claw back consumers’ money, she said. All  of which will take a severe financial and emotional toll on the victims.
“When you shut down a scam, you're doing a great job for the American public because that's somebody who's not going to defraud somebody tomorrow,” Vaca said. “But getting back money to people who were injured is really hard. We return a lot of money to consumers with our law enforcement cases, but it's very hard to recover 100 percent of what people have lost. Sometimes it's hard to recover 10 percent of what people lost.”

The keys



More than 540,000 mail ballots were rejected during primaries this year — enough to make a difference in the presidential election. 

Nearly a quarter of those ballots were in key battlegrounds for the fall, illustrating how missed delivery deadlines and uneven enforcement of rules could influence the election's outcome, Elise Viebeck reports
In total, more than 125,100 primary mail ballots were rejected by election officials in eight battleground states, according to data compiled by The Washington Post. The rejected ballots included those that arrived late or were tossed for other reasons including voter errors such as failing to sign an external envelope.
Studies have found that votes cast by mail are more likely to be rejected than in-person votes, adding more uncertainty to the process. Part of the problem is that users who are new to mail voting might not know the appropriate procedures. And in states that have had traditionally low mail-voting rates, uneven training and enforcement can lead to more rejections. 
“Any time you see a dramatic increase in participation in any kind of voting, what you also see come along with that is folks who are maybe new to that process, who aren’t incredibly clear on the rules,” said New Mexico Secretary of State Maggie Toulouse Oliver (D), president of the National Association of Secretaries of State.

Twitter flagged another tweet by President Trump for violating its election integrity rules.

This time, the president suggested that voters could contract the coronavirus by using mail-in ballot drop boxes, Felicia Sonmez reports. Such drop boxes have been common for years in many states. More recently election officials have been promoting them to voters who are concerned that Postal Service delays might prevent mail ballots from arriving on time. 
Trump also suggested without evidence the drop boxes could enable fraud. 
“So now the Democrats are using Mail Drop Boxes, which are a voter security disaster. Among other things, they make it possible for a person to vote multiple times,” Trump tweeted. “Also, who controls them, are they placed in Republican or Democrat areas? They are not Covid sanitized. A big fraud!”
Twitter let the tweet remain on its platform, but users cannot retweet, reply, or like it.
“We placed a public interest notice on this tweet for violating our Civic Integrity Policy for making misleading health claims that could potentially dissuade people from participation in voting,” the company said in a tweet.
Twitter previously labeled a Trump tweet that stated without evidence that mail voting in California would lead to substantial fraud. It has not labeled the president's more general claims about election fraud.
Facebook allowed the same post to remain up but added a link to its Voting Information Center. CNN's Donie O'Sullivan:

TikTok plans to sue the Trump administration over an executive order that would ban it. 

“To ensure that the rule of law is not discarded and that our company and users are treated fairly, we have no choice but to challenge the executive order through the judicial system,” the company said in a statement to Reuters.
The company could file the lawsuit as early as today. TikTok's parent company, ByteDance, is exploring selling the app to avoid the Trump ban. 
Trump’s order would also ban the Chinese social networking app WeChat in the United States. A group of WeChat users unaffiliated with the app's owner also sued over the ban, Alexa Veiga at the Associated Press reports. The lawsuit alleges that the ban violates users' right to free speech and illegally targets Chinese Americans who rely on the app to communicate with family back home.

Government scan



Sen. Mark Warner (D-Va.) is pushing intelligence agencies to release more data about Russian disinformation targeting Biden. 

The dearth of public information about the effort could lead to Americans "unwittingly promoting that Russian disinformation campaign, the top Democrat on the Senate Intelligence Committee told Meet the Press.
Democrats have also raised concerns that a Republican investigation into Hunter Biden’s work in Ukraine is being used to launder foreign disinformation. Senate Judiciary Committee Chairman Charles E. Grassley (R-Iowa) and Homeland Security Committee Chairman Ron Johnson (R-Wis.), who are leading the investigation, have fervently denied those claims. 

Attorney General William Barr says he opposes any attempt to pardon NSA leaker Edward Snowden. 

The attorney general's rebuke follows recent comments from Trump that he planned to look into pardoning Snowden, who was charged with the Espionage Act in 2013. 
“He was a traitor and the information he provided our adversaries greatly hurt the safety of the American people,” Barr told Michael Balsamo and Eric Tucker of the Associated Press of Snowden. “He was peddling it around like a commercial merchant. We can’t tolerate that.”
Trump's comments also set off a backlash from Republicans in Congress who say Snowden is a traitor. 
More government cybersecurity news:

Global cyberspace



Russia could tap Huawei to build its 5G networks. 

That's a stark contrast with the United States, which has banned the Chinese-owned company from its 5G networks over national security concerns and is urging allies to do the same, Reuters reports.

Daybook


  • The House Oversight Committee will hold a hearing on "Protecting the Timely Delivery of Mail, Medicine, and Mail-in Ballots" today at 10 a.m.
  • The Republican National Convention will take place Monday through Thursday.
  • The Center for Strategic and International Studies will host an event titled "Combatting Malign Influence in 2020: A Conversation with Deputy Attorney General Jeffrey Rosen" on Wednesday at 12 p.m.

Secure log off


Here's to another week of convention speeches:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.