RSA Security Finds Thousands of Domains Containing Words “Coronavirus” and “COVID-19” Were Registered in January 2020

  • Covid-19 , Security
  • 31.03.2020 11:26 am

RSA Security’s Fraud & Risk Intelligence (FRI) Unit has today released details of recently-uncovered scams and cybercriminal activity, providing a snapshot of the cyber-fraud environment from behind enemy lines. The team have identified tens of thousands of newly-registered domains that contained the words “coronavirus” and/or “COVID-19” as far back as January 2020, demonstrating that fraudsters have been well-prepared to profit from the pandemic. Furthermore, the team has highlighted eight specific digital risks that it has seen emerge in the wake of the pandemic, including:

  1. Account takeovers targeted at children: Account takeovers often involve cybercriminals using stolen credentials from data breaches to take over consumer accounts. However, with so many children being out of school and spending more time indoors and online, fraudsters are now reaching out to children directly, in hope of gaining access to their gaming and other online accounts.
  2. Fake e-commerce sites offering high-demand supplies: Several fake websites offering high-demand supplies at inflated prices – including hand sanitiser, masks, gloves, etc. – have been set up to capitalise on consumer panic. Money is taken, but no supplies are ever shipped. Even more troubling are websites purporting to offer free vaccines or other treatments for COVID-19, which are actually being used to steal payment card and other personal information from victims.
  3. Fake news apps: Mobile apps are a rapidly growing attack vector for spreading malware, spyware and ransomware. Fraudsters have released a variety of fake mobile apps related to COVID-19, claiming to offer breaking news and updates, but instead downloading malware that is capable of taking over a victim’s mobile device.
  4. Phishing emails preying on people’s health fears: The worst example of opportunistic phishing emails that the FRI unit has seen purport to come from the World Health Organization (WHO). These result in malware being installed to collect private information from the recipient’s device, establish remote access to the device, or steal address book information to send more emails to the recipient’s friends. See enclosed example email.
  5. Smishing for donations: A smishing attack is a phishing attack that uses SMS messages (hence smishing as opposed to phishing) instead of emails to carry out the attack. These kinds of efforts typically try to trick anyone who responds into providing account information in order for them to be able to claim whatever is being offered; or asking for donations to support people through the crisis, preying on people’s good nature. See enclosed example messages.
  6. Vishing targeted at stealing bank details: Here, RSA has seen bank customers being sent emails advising them to call a VoIP number (hence vishing as opposed to phishing) to resolve a missed payment. This newer type of attack, dubbed reverse vishing, uses emails, online ads or social media posts to persuade potential victims to call a phone number that is controlled by the fraudster.
  7. Too-good-to-be-true social media offers: Fraudsters are using COVID-19 as a pretext for an act of generosity, giving away tickets or discounts. But what fraudsters really want from social media attacks is for the reader to click through and provide personal information or sign up for costly services – and, even better, for them to share the post with friends, so even more victims can be lured in.
  8. Earn-from-home scams: Work-at-home “opportunities” popped up relentlessly several years ago after the global financial crisis, several of which RSA reported on at the time. If there ends up being a global recession due to COVID-19, expect bad actors to prey on vulnerable consumers and for work-at-home fraud scams to thrive.

“While these are unprecedented times, what we are seeing in terms of fraudsters trying to cash in on the mayhem is sadly all too familiar – events such as these tend to bring out both the best and worst in people. Yet even I have been shocked at some of the brazen opportunism that is taking place,” comments Daniel Cohen, head of anti-fraud products and strategy at RSA Security“Fraudsters posing as WHO specialists, offering information on safety measures; texts claiming to be from the HMRC advising of “goodwill payments” from the government; ‘online friends’ tricking kids into giving up their log-in details; social media posts giving everything from two free airline tickets to a year’s worth of groceries, and more – it’s evident that fraudsters have been quick and creative in finding new ways to take advantage of the current situation. We strongly advise consumers to be on their guard.”

In response to the barrage of new digital risks facing citizens, RSA Security has asked consumers to take heed of the advice provided on the Federal Communications Commission (FCC) website:

  • Do not respond to calls or texts from unknown numbers, or any others that appear suspicious.
  • Never share your personal or financial information via email, text messages, or over the phone.
  • Be cautious if you’re being pressured to share any information or make a payment immediately.
  • Scammers often use fake phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
  • Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren't hacked.
  • Always check on a charity (for example, by calling or looking at its actual website) before donating.

“These scams can only be successful if the victims interact with the fraudsters – we each have the power to protect ourselves, as long as we are careful not to allow ourselves to be manipulated,” Cohen concludes. “This is not always easy, but there are some tell-tale signs to look out for; for example, fraudsters will try and make you think you need to act fast or miss out, so that you do not take time to question what is on offer. They also try to prey on our fears, for example by saying you have missed a payment, so that, again, you feel under pressure. Ultimately, we all need to act smart online to limit our exposure and take time to think before we click or interact.”

Related News