COVID-19 Scam Roundup

The following is from the State of Security and written by David Bisson and published on March 23, 2020, and I thought it was worth sharing as the same frauds or variations of them will be tried in Canada.

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdom’s national fraud reporting center collected 38 reports alone.
Those 105 reports represented a collective total of £970,000 in losses.
Acknowledging this growing surge in fraud attempts, we at the State of Security feel it’s important to keep our readers informed about what some of these latest coronavirus-themed attacks look like. Towards that end, let’s take a look at a few COVID-19 scams that made headlines this past week.
Red Cross Impersonators Selling COVID-19 Home Tests
Snopes.com learned of a scam in which fraudsters impersonated Red Cross volunteers in an attempt to victimize concerned individuals. These attackers said that they were working for Red Cross and that they were offering COVID-19 home tests door-to-door.
In the case someone fell for the ruse, these malicious actors could have fraudulently charged their victims for a test that they never administered. They could have also simply robbed their victims upon gaining entry to their homes.
The Red Cross confirmed to Snopes.com that it is not instructing victims to visit people door-to-door:
The Red Cross is not going to people’s homes to offer coronavirus tests. If someone comes to your house claiming that they work for the Red Cross and that they’re authorized to do coronavirus testing, do not allow them in your home. Our most important guidance is for people to please be safe. Should such an incident occur, we ask that you call the police as soon as possible.
Fake WHO Advice Delivers HawkEye Infostealer
On March 19, 2020, IBM X-Force detected a campaign that emitted several waves of phishing emails purporting to originate from the World Health Organization (WHO) as a whole or from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO.
Info-Stealer disguised in a mail from the General Director of the World Health Organization (Source: IBM X-Force)
The emails instructed recipients to open an attachment for the purpose of receiving updated instructions on how to fight the coronavirus. This attachment was an archive that, when opened, revealed “Coronavirus Disease (Covid-19) CURE.exe.” When run, this executable loaded HawkEye, a keylogger which is capable of intercepting keystrokes, stealing credentials, taking screenshots, and exfiltrating its stolen data.
Extortion Emails that Threaten to Infect You with Coronavirus
The Sophos Security team learned about a phishing email scam in which digital attackers claimed to know “every dirty little secret” about their recipients. They tried to prove it by sharing one of the recipient’s passwords that no doubt appeared in a data dump pasted from a recent breach on an underground web forum. They then demanded that the recipients pay $4000 in bitcoin to have the attackers delete their data.

For those who refused, the malicious actors threatened to infect their entire family with coronavirus. They didn’t specify how they’d accomplish this. But they did give a curiously worded assurance: “No matter how smart you are, believe me, if I want to affect, I can.”
Those behind the campaign also threatened to disclose the recipient’s secrets and thereby “completely ruin [their] life.”
Hoax CDC Calls Asking People to Reserve COVID-19 Vaccines
The Daly City Police Department in California recent learned of a call-based scam abusing COVID-19 as a lure. In a tweet posted on Twitter, they warned that people impersonating the Centers for Disease Control and Prevention (CDC) had begun calling people and urging them to “reserve a vaccine for the COVID-19” with a credit card. Some of these individuals event went so far as to ask their targets to provide them with their Social Security Number.
New scam: People are claiming to be from the CDC offering to let people "reserve a vaccine for the COVID-19" with a credit card and/or social security number. There is no vaccine reserve program, and the CDC is not offering anything of the sort. Do not fall prey!
As Daly City Police warned, the CDC is making no such offer. There is also currently no vaccine for COVID-19.
Scams Promising $1K Checks for Economic Relief to Pandemic
Last but not least for this week, WCNC learned of a scam that used the economic fallout of the coronavirus to prey upon unsuspecting individuals. The scam specifically sent out attack emails that capitalized on legislation in which every American adult would receive $1,000 checks as part of a $1 trillion stimulus package responding to COVID-1, as reported by the New York Times.
This legislation had not received approval from Congress at the time of writing. But in this particular scam, the malicious actors claimed that their targets’ checks were already waiting for them. All they needed to do was to over their personal information, bank account data and Social Security Numbers—nearly everything they needed to perpetrate identity theft.
Staying Safe Against Coronavirus-Themed Scams
In response to the slew of new reports it’s seen since the beginning of February, Action Fraud urged people to research a company or person online before agreeing to a purchase of a good or service pertaining to COVID-19. They also recommended that they update their devices, never respond to unsolicited requests for personal and/or financial information (even if conducted via phone or in person) and exercise caution around suspicious links and email attachments