Threats Today, Threats Tomorrow, But Is There Light At The End Of The Tunnel?
As we explore fraud in a time of crisis, we look to stories that help us protect our world today, tomorrow, and beyond. This Week in Fraud Trends, March 20, 2020.
In times of crisis, we all become a little more vulnerable, and unfortunately, vulnerability is what fraudsters feed on. Across the globe, people are anxious, confused, and experiencing unprecedented pressures and worries. At the same time, the world is migrating online, and having to learn to conduct their lives in entirely new ways. All of this change and uncertainty plays right into the hands of fraudsters who will exploit any available opportunity.
Sadly, there appears to be no end to fraudulent exploitation of the COVID-19 crises, and the situation has gone well beyond fake ads for masks and inflated hand sanitizer prices. A new article this week from Krebs on Security shines a light on a serious new fraud concern:
“With many people being laid off or working from home thanks to the Coronavirus pandemic, cybercrooks are almost certain to have more than their usual share of recruitable “money mules” — people who get roped into money laundering schemes under the pretense of a work-at-home job offer.”
As the reality of an extended crisis situation continues to settle in, it’s essential we stay on high alert for scenarios that can become breeding grounds for future threats. For example, we received a good warning this week via Infosecurity Magazine about potential privacy threats related to the COVID-19 outbreak:
“Cell phone network operators are able to track people anonymously and supply aggregated data to the appropriate government authorities. The data can be used not only to map where individuals are going but also to show via concentrations of cell phone signals whether the public are ignoring bans on congregating. Exactly how anonymous the data is remains to be seen in light of a study published in August that showed how reverse engineering powered by machine learning can trace anonymized data sets back to individuals.”
The Infosecurity Magazine team also called attention to increased VPN usage in the wake of shelter-in-place policies being enacted:
Several sources have sent out warnings this week about VPN vulnerabilities:
“The Department of Homeland Security’s cybersecurity agency this week shared tips on how to properly secure enterprise virtual private networks (VPNs) seeing that a lot of organizations have made working from home the default for their employees in response to the Coronavirus disease (COVID-19) pandemic.”
You can find the official alert from the DHS here:
ZDnet cautioned this week about yet another component of the VPN issue:
“With so many organizations moving their employee workforce to work-from-home jobs, there is now a new threat on the horizon — extortions. Hackers could launch DDoS attacks on VPN services and exhaust their resources, crashing the VPN server and limiting its availability. With the VPN server acting as a gateway to a company’s internal network, this would prevent all remote employees from doing their jobs, effectively crippling an organization that has little to no workers on-site.”
From Canada’s The Standard this week, we got a new example of the kind of exploitative creativity fraudsters are exhibiting during these worrisome times. In this instance, the fraud is a twist on something known as a “pump and dump”:
“In that type of scam, a fraud artist creates or buys a shell company and circulates positive, false information to pump up the value of its stock — which the scammer then sells or dumps before investors catch on and the price falls.”
Canadian Securities Administrators issued a statement warning about this kind of activity:
“When investing in any company, carefully research the investment and keep in mind that fraudsters often exploit the latest crisis … if you believe that you or someone you know has been offered a fraudulent opportunity related to the coronavirus, please contact your provincial or territorial securities regulator.”
From DataVisor’s own research team, we know that fraudsters are quickly adapting, even as the outbreak evolves:
Ting-Fang Yen, DataVisor’s Head of Research, closes her post on a positive note:
“While uncertainty continues to reign as the world struggles valiantly to contain the spread of COVID-19, there are nonetheless data-informed measures we can take to ensure that fraudsters do not gain the upper hand during these worrisome times. Understanding how fraud is affecting different economic sectors represents a positive step towards securing the safety of the businesses and customers in each of these impacted industries.”
And while we’re on the positive, let’s go to …
The Tweet of the Week!
Stay safe, stay healthy, wash your hands, shelter in place, and join us next week for another episode of This Week in Fraud Trends!
