Coronavirus Fraud Dominates the News
Fraudsters prove once again willing to exploit any situation for criminal gain — including a global health crisis. This Week in Fraud Trends, March 6, 2020.
If there were any lingering doubts as to the fundamental amorality of modern-day fraudsters, the news this week ought to have put those doubts to rest, as we saw numerous stories about fraudsters attempting to leverage the COVID-19 crisis to advance their illicit activities.
As reported by Forbes:
“Amazon has already removed more than one million products for making false claims related to the virus, Dharmesh Mehta, Amazon’s vice president of worldwide customer trust, told a House sub-committee today. Mehta’s disclosure came in response to questioning during a hearing on fake and unsafe products held by the Subcommittee on Consumer Protection & Commerce of the House Commerce Committee.”
And from Vox:
“If you didn’t have enough to worry about with the new coronavirus, here’s one more thing: Scammers are using the outbreak to steal your information through phishing attempts or to lure you into downloading a different kind of virus.”
And from the Wall Street Journal:
“Criminals are using concerns about the coronavirus epidemic to spread infections of their own. They are forging emails mentioning the outbreak that appear to be from business partners or public institutions in an effort to get users to open the messages, unleashing malware.”
DataVisor CEO Yinglian Xie has just completed an interview with Karen Webster of PYMNTS, in which she discusses how AI can help track the rate of contagion to forecast how the outbreak might grow over time.
“This is a good time to really reflect on the protection measures every organization has in place in this ‘digital era,’” Xie told Webster. “It’s the moment to make sure every organization has the foundations and the technologies in place to protect all of us.”
The following is a resource we discovered this week to assist with spotting and avoiding the kinds of frauds and scams that are emerging in the wake of the COVID-19 crisis:
Among the recommendations the article offers are specific tips for spotting phishing attempts:
“In house lawyers should be on the lookout for communications (e.g., emails or texts) that seek to dupe employees and contain phishing or exploitation content. The communication may say something about COVID-19 and then request employees to take specific actions.
Here are some examples:
- “Your office location is closed, please remote in today (see hyperlink).”
- “Because of COVID-19, payroll is making adjustments and we need to update account information (see hyperlink).”
- “All employees are asked to sign in (see hyperlink) and update their wellness status.”
- “Relief donations are being solicited (see hyperlink).”
The new edition of the Digital Fraud Tracker from PYMNTS offers a deep dive into strategies for defeating phishing attacks:
Included in the report is an Executive Insight from DataVisor CEO Yinglian Xie, who discussed the increasingly worrisome challenges associated with phishing and related attack types:
“Tactics such as phishing, credential stuffing, and social engineering have become so widespread, identity theft is rampant, and damage from content abuse, buyer-seller collusion, and application fraud continues to worsen. The problems are compounded by speed, scale, and, increasingly, duration. Only transformational technologies such as unsupervised machine learning (UML) enable the real-time responsiveness necessary to stop this kind of fraud at the gate.”
Data breaches, of course, play a critical role in phishing attacks, as they provide the raw material fraudsters rely on to prey upon innocent victims. So it was troubling to learn, this week, of a new breach that exposed personal details for nearly one million customers of Virgin Media:
“The incident exposed the personal details of approximately 900,000 customers, representing around 15% of the company’s entire customer base. Exposed data varies by user, but it could contain names, home addresses, emails, phone numbers, along with technical and product information.”
Virgin Media posted an incident report that offers helpful suggestions, in FAQ form, to potential victims, and which acknowledges and addresses the connection between breaches and subsequent attacks:
“I’m concerned that people might try to email or phone me to steal my personal information. What can I do?
This is called phishing, which is when people try to persuade people to tell them their personal information, often through an email or phone call. Please remember:
- Virgin Media will never call or email you to ask for bank account details.
- If you ever receive a call, claiming to be from us, please report it to us straight away.
- If you receive an email that you are concerned about, don’t click on any links, open any documents or reply to it.”
Unfortunately, the Virgin Media breach was just one of many recent breaches disclosed this week, as Dark Reading highlights in this article:
“A series of enterprise data breaches disclosed this week underscores how criminals target various industries to steal and monetize data. The breaches at J.Crew, T-Mobile, and two units of cruise-line operator Carnival Corp., show that millions of customers can feel the effect of even the simplest exploit.”
We close now with our tweet of the week, which shines a light on efforts to leverage the power of AI to help address the coronavirus outbreak:
Tweet of the Week!
And with that, we wish you safety, good health, and happy hand-washing!
~
