Cybercriminals Launch Thousands of COVID-19 Scam Sites

Businesses Face Threats from Surge in COVID-19 Scam Sites

With new COVID-19 scam sites being launched daily, business leaders are tasked with ramping up cybersecurity. The time is now to enlist a third-party expert.  

While billions of people around the world combat the pandemic, despicable cybercriminals design thousands of COVID-19 scam sites to breach personal devices and business networks. Recent reports indicate that hackers are ramping up their nefarious efforts by launching maliciously-laced coronavirus websites by the thousands.

According to a list compiled by a cybersecurity specialist published online, upwards of 3,600 coronavirus domains were launched over four days in March. The previous month averaged only about 10 per day.

“ZDNet has spent the past two days looking at some of these domains, at random. While we found some legitimate sites here and there, in nine out of ten cases, we found a scam site peddling fake cures, or private sites, most likely used for malware distribution only to users with a specific referral header,” according to Catalin Cimpanu.

These themed scam sites are hubs to launch phishing and financial fraud schemes. Many websites offer phony COVID-19 vaccines, immunity boosters, and overnight test kits, among others. While new scam sites tended to be relatively passive and commonplace, cybercriminals are adapting to the fact that people are catching on to their methods.

Cybercriminals Ramp Up COVID-19 Scams

When the COVID-19 pandemic began to spread globally, digital thieves routinely targeted individuals and businesses where outbreaks occurred. The conventional thinking was that people were vulnerable due to fear, lack of information, and gaps in cybersecurity. These are commonly used scams that officials and cybersecurity experts have uncovered.

• Phishing Emails: These malware delivery systems are leveraging COVID-19 themes that include false news reports, and health agency guidelines, among others. It’s crucial only to visit official sites for factual information such as the CDC.
• Malicious Apps: The Apple App Store and Google Play have reportedly identified and removed COVID-19 apps that were laced with malware. One of the remaining outliers includes ransomware called COVIDLock.
• Suspicious Domains: According to Check Point’s Global Threat Index, recently created coronavirus, COVID-19, or websites with related names are 50 percent more likely to be scams.

Digital thieves discovered long ago that endpoint device vulnerabilities often provide cybersecurity gaps that can be leveraged for profit. That’s mostly why hackers are targeting business networks by employing complex schemes to build a worker’s confidence enough to go to a website, input personal data, and click on a link. According to mobile malware analyst Lukas Stefanko, Android users are seeing a concerted effort by hackers to insert ransomware in devices.

What Is Being Done To Combat COVID-19 Scams?

Government agencies are also keenly aware that cybercriminals are profiteering from human suffering. Both the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA) have issued warnings about coronavirus scams. The FTC website offers these cybersecurity guidelines to avoid COVID-19 breaches.

• Ignore online offers for vaccinations and home test kits. Scammers are trying to get you to buy products that aren’t proven to treat or prevent the Coronavirus disease 2019 (COVID-19) — online or in stores. At this time, there also are no FDA-authorized home test kits for the Coronavirus.
• Know who you’re buying from. Online sellers may claim to have in-demand products, like cleaning, household, and health and medical supplies when, in fact, they don’t.
• Don’t respond to texts and emails about checks from the government. The details are still being worked out. Anyone who tells you they can get you the money now is a scammer.
• Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.
• Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying they have information about the virus.
• Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.

Business leaders are urged to update and implement disaster recovery strategies, secure endpoint devices, and enhance remote workforce cybersecurity. The impact of COVID-19 scams could prove fatal for companies struggling through the health crisis.

David Williams

BIOS Technologies’ mission is to deliver superior IT support to the SMB market in the New Orleans Metro Area. We focus on companies that understand the business/security risks of unmanaged technology and want to maximize efficiency and profitability.