Coronavirus Fraud Schemes Surge, as FBI, HHS OIG Advise Cyber Hygiene

March 24, 2020 - Bitdefender Labs have detected five times more Coronavirus-themed malware reports during March. And the FBI, the Department of Health and Human Services, and the Department of Justice have each begun warning organizations they’ve also seen an increase in COVID-19 fraud schemes.

On March 20, a Bitdefender report showed healthcare, government, and other verticals are increasingly being targeted with malware related to the pandemic. In fact, there’s been a 475 percent increase in malicious COVID-19 reports so far this month, compared with February.

So far, there have been 8,319 reports through March 16, compared with just 1,448 in February.

Bitdefender also noted hackers are impersonating the World Health Organization, NATO, and even UNICEF with phishing emails. The Office for Civil Rights recently urged healthcare providers to review Department of Homeland Security guidance, as hackers have been impersonating the World Health Organization in phishing attempts.

The report showed healthcare has been the fifth most targeted sector, behind hospitality, governments, education and research, and transportation. But health ministries are being targeted within the government targets. The US was the second-most targeted country, behind Italy.

READ MORE: Best Practice Cybersecurity Methods for Remote Care, Patient Portals

Notably, the HHS network and the Champaign-Urbana Public Health District in Illinois have both been targeted within the last two weeks, as the pandemic worsens.

GreatHorn researchers have also reported an increase by seven times Coronavirus phishing schemes between January and February. And in March, so far, there have been 15 times more phishing attempts than in January. In fact, the COVID-19-related attempts accounted for 1.5 percent of all mail.

“These campaigns were likely mostly targeted at countries that have started suffering an increase in Coronavirus infections, leveraging the fear on everyone’s mind,” Bitdefender researchers wrote. “With officials struggling to come up with plans and quarantine procedures, threat actors seem to have mobilized quickly and started luring victims with the promise of new and exclusive information on protection procedures.”

“In healthcare, hospitals & clinics, pharmaceutical institutions, and distributors of medical equipment, were mostly targeted, potentially with messages of procedures that need to be taken, drugs that could work on preventing or treating infection, and even medical supplies that were allegedly still in stock,” they added.

Malicious actors are relying heavily on impersonation techniques. The FBI, HHS OIG, and DOJ have all warned of the increase in these attacks and are urging organizations and users to avoid clicking on links or opening attachments. The FBI has also seen hackers impersonating the Centers for Disease Control and Prevention.

READ MORE: Security Firms Offer Ransomware, Security Assistance During COVID-19

Users should keep watch for emails claiming to be from federal or global organizations offering information or resources about the pandemic. Hackers are also sending emails asking users to verify personal information in order to receive an economic stimulus check from the government.

The FBI has also seen phishing emails claiming to ask for charitable contributions, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits. Organizations should also be cautious of individuals selling products that claim to prevent, treat, diagnose, or cure the Coronavirus.

“Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves,” the FBI warned.

“Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received,” the FBI warned. “While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money.”

The FBI also reminded organizations that the CDC and coronavirus.gov, as well as primary care physicians will have the most accurate and up-to-date information about the virus.

READ MORE: OCR Shares COVID-19 Cyber Scam Advice, as Hackers Impersonate WHO

Further, organizations should be employing standard cyber hygiene and security measures, including not providing credentials or other personal information in response to an email or a robocall, verifying the web address in emails and manually typing them into a web browser, and checking for misspellings or wrong domains.

OIG HHS is also warning beneficiaries to be wary of unsolicited requests for their Medicare or Medicaid numbers, as well as any unexpected calls or visitors offering COVID-19 tests or supplies. Users whose information has already been compromised in an earlier breach may see their information used in other fraud schemes.

Attorney General William Barr also added to the call for vigilant COVID-19 fraud monitoring and asked all organizations to report suspected fraud schemes to the National Center for Disaster Fraud. All US attorneys are being asked to prioritize investigations and prosecutions of Coronavirus-related fraud schemes.

DOJ is warning threat actors are posing as businesses selling fake cures for COVID-19, sending phishing emails from WHO and CDC, and deploying malicious websites and apps that appear related to the Coronavirus, but lock access to devices until a payment is received.

Cybercriminals are also posing as illegitimate or non-existent charitable organizations seeking donations. DOJ also warned against medical providers accessing patient information for COVID-19 testing, then using that information to fraudulently bill for other tests and procedures.