COVID-19 Scam Roundup – April 20, 2020

Posted on April 20, 2020
COVID-19 Scam Roundup – April 20, 2020

Scams leveraging coronavirus 2019 (COVID-19) as a lure have stolen tens of millions of dollars from their victims. As of April 16, 2020, the Federal Trade Commission (FTC) had received 20,334 consumer reports of fraud attempts pertaining to the coronavirus since the beginning of the year. Those attacks that proved successful had caused their victims more than $15 million in damages at the time of writing. Unfortunately, both of those figures are likely to grow as time goes on. How could it not when Google revealed that it had spotted 18 million coronavirus-themed malware and phishing emails within a week's time? Not only that, but officials within the FTC said that these scams could last for years, as reported by KCRA News. No one knows how long any of this is going to last. It's therefore all the more important to stay up-to-date with the latest scams as malicious actors continue to employ new tactics and techniques. Here are some COVID-19 ruses that made headlines over the past week.

Fake Coronavirus Instructions from the White House

It was only a matter of time before COVID-19 scammers started impersonating the White House. In an email detected by Inky, digital fraudsters informed recipients that the IRS and the U.S. Department of the Treasury had decided to push Tax Day off until August 15, 2020. They then instructed users and businesses alike to click on a link in order to view the President's updated guidelines on the coronavirus.

Screen-Shot-2020-04-17-at-11.14.15.png

The fake White House email (Source: Inky) When they clicked on the email's embedded link, the campaign sent the user to a site that used the exact same HTML and CSS code as what's employed by the White House's official COVID-19 informational website. The only difference is that the site's "Download and read full document" button summoned a Microsoft Office document that leveraged malicious macros to load malware onto the user's computer.

Your Staff Is Infected with COVID-19!

In a roundup of new pandemic-themed ploys, Bitdefender found one ruse in which digital attackers claimed to be sharing a picture of the recipient's coronavirus-infected staff "per their request." The malicious actors used the disguise of a health adviser/laboratory technician from "Turish Hospital and Laboratories" to then inform the recipient that everyone else in the organization should place themselves into self-quarantine.

3-1024x692-1.jpg

The fake hospital email (Source: Bitdefender) Not surprisingly, recipients who opened the attached .IMG file did not find a picture of their staff infected with COVID-19. When opened, the .IMG file mounted as a DVD and revealed an executable file for the purpose of infecting the recipient's machine with malware.

Introducing the Scammy "U.S. Emergency Grants Foundation"

Among all other age groups, seniors are especially worried about COVID-19. That's what makes this next scam especially horrendous. WNCT 9 reported that the Better Business Bureau (BBB) Scam Tracker learned of a ploy on Facebook in which malicious actors told seniors that they could receive funds to help to pay for their medical bills. Individuals who clicked on the link provided in this Facebook post found themselves redirected to a website for a phony organization called the "U.S. Emergency Grants Federation." This site requested that visitors provide their Social Security Numbers for the purpose of applying for funding. But seniors who fell for this scam received no financial assistance. Instead, they unknowingly gave attackers the means to steal their victims' identities and commit secondary attacks.

This Is NOT a Legitimate Voucher Offer for Your Canceled Flight!

It's no surprise that digital fraudsters have begun to prey upon individuals whose' flights were canceled as a result of the coronavirus. Mimecast discovered one such ruse in which malicious actors used attack emails to offer fake flight refunds. The nefarious individuals specifically told recipients that they could collect a refund for their airline tickets by clicking on an embedded link.

Screen-Shot-2020-04-17-at-17.02.18.png

A screenshot of the fake flight refund email (Source: Mimecast) According to The Register, the campaign directed users who clicked on the link to a refund form that prompted users to submit their personal information, mobile phone number, email address and payment card information. It then delivered the victim's data to the attackers. This gave nefarious individuals the ability to conduct credit card fraud and identity theft, among other attacks.

IE Users, Beware of This COVID-19 Malvertising Campaign

Last but not least for this week, Avast revealed that it had spotted a new malvertising campaign. This operation capitalized on the fear surrounding the global COVID-19 outbreak to target Japanese and South Korean users in particular. As quoted in its research:

On March 26, 2020, the bad actors behind the campaign registered the domain covid19onlineinfo[.]com, and have since rotated the domains the exploit kit is hosted on, registering about six domains a day in an attempt to evade antivirus detections.

Using these domains, the malvertising operation attempted to exploit vulnerabilities in older versions of Internet Explorer. It did this in order to distribute Kpot v2.0, an information/password stealer. Have you seen a coronavirus-themed scam? If so, let us know by reaching out on Twitter.

Check out our other COVID-19 scam roundups below!

Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!