Cybercriminals Exploit Contact-Tracing Efforts for Profit

We're living through a pandemic that shows no sign of slowing down. COVID-19 has gripped the world. In an attempt to slow the spread of Coronavirus, many countries have introduced contact-tracing efforts.

Once you identify a case, you track everyone who might have had contact with the recognized carrier. After the proper authorities find these people, they give them advice on what to do – self-quarantine at home, go to a hospital, and so on. The endeavor has been hailed as a success as it has helped to reduce the spread of the disease significantly, and in some countries – altogether.

Fig.1
Representation of how a contact tracing app works. Source: ichef.bbci.co.uk

For example, New Zealand has been so efficient with the use of contact-tracing that (at the time of writing this article), they have gotten their active cases down to zero. The technique has many positives and has proved that it helps to protect and save lives. Naturally, cybercriminals have begun to exploit it for their malicious purposes.

Texts – the Crooks' Chosen Method of Deception

Cybercrooks have started sending texts, masking them as contact-tracing messages. Their objective is to dupe people into handing over their private data, so the crooks can then use it as they see fit.

The hackers pretend to be contact tracers, send a bogus text with false information that contains a link. You get urged to click said link, and once you do, you get asked to provide personal details. That's not the first scam crooks have employed during the pandemic, exploiting people's fear of Coronavirus, and it will likely not be the last. As you can see below, spam campaigns are on the rise, targeting more than a few countries.

Fig.2
Countries most targeted by Coronavirus spam. Source: Cdn.statcdn.com

Fig.3
The rise of global email scams related to COVID-19 from March 06 to March 22. Source: news.sophos.com

The messages they send, aim to convince you that you got into contact with someone, who tested positive for Coronavirus. Supposedly, once you click the link and provide your information, you'll be doing a good thing, the right thing. It's the lie that cybercriminals try to feed you. Your vigilance is crucial when it comes to this scam.

Before clicking anything or offering any private data, make sure that you're not getting duped. There are a few telltale signs you can look for, like poor grammar, lack of or misplaced punctuation, and that's to name a few.

There are a lot of red flags, and you can spot them if you look for them. Be attentive, and also, the Federal Trade Commission (FTC) recommends you enable multi-factor authentication for every account you have. It won't hurt to have one, and it's something that will help you if you fall victim to a 'worst-case scenario.'

No One Is Safe from This Scam – It's Global

Scammers have been targeting people worldwide. The Chartered Trading Standards Institute (CTSI) has sent out warnings to UK residents about a phishing scam related to a contact-tracing app. In the USA, New Jersey also has officials stating that one such sham has made the rounds. And, in recent weeks, has claimed thousands of victims, resulting in thousands of reports on the contact-tracing scam. In another state, Ohio, there were reports of such a fraud in Cuyahoga County. Apps, texts, crooks don't seem to be slowing down with their shams.

The FTC has released several guidelines to help people combat the scammers and not fall victim to them. They showed an example of a bogus phishing text, which you can see below.

Fig.4
Example of a false contact-tracing text, made by a scammer. Source: ftc.gov

Their guidelines are as follow:

Here are several other steps you can take to protect yourself from text scammers.

  • Protect your online accounts by using multi-factor authentication. It requires two or more credentials to log in to your account, making it harder for scammers to log in to your accounts if they get your username and password.
  • Enable auto-updates for the operating systems on your electronic devices. Make sure your apps also auto-update so you get the latest security patches that can protect from malware.
  • Back up the data on your devices regularly, so you won't lose valuable information if a device gets malware or ransomware.

Source: ftc.gov

They even offer assistance on how you can implement filters on your phone, so you avoid getting bombarded with fraudulent texts.

There are several ways you can filter unwanted text messages or stop them before they reach you.

  • Your phone may have an option to filter and block messages from unknown senders or spam.
  • Your wireless provider may have a tool or service that lets you block text messages.
  • Some call-blocking apps also allow you to block unwanted text messages.

Source: ftc.gov

The FTC also offers general warnings about Coronavirus scams and ways to protect yourself from them.

AVOID CORONAVIRUS SCAMS

  • Don't respond to texts, emails, or calls about checks from the government. Here's what you need to know.
  • Ignore offers for vaccinations and home test kits. Scammers are selling products to treat or prevent COVID-19 without proof that they work.
  • Be wary of ads for test kits. Most test kits being advertised have not been approved by the FDA, and aren't necessarily accurate.
  • Hang up on robocalls. Scammers are using illegal robocalls to pitch everything from low-priced health insurance to work-at-home schemes.
  • Watch for emails claiming to be from the CDC or WHO. Use sites like coronavirus.gov and usa.gov/coronavirus to get the latest information. And don't click on links from sources you don't know.
  • Do your homework when it comes to donations. Never donate in cash, by gift card, or by wiring money.

Source: ftc.gov

Follow the guidelines, be cautious, and protect yourself from cybercriminals and their malicious motives.

June 18, 2020

Leave a Reply