The COVID-19 pandemic has caused an alternate pandemic of online scams. Barracuda, a provider of cloud-enabled security solutions, recently recorded a 667% increase in phishing attacks this year. Gmail also reported that 18 million of the 100 million phishing emails it blocks daily are now COVID-19-related. These types of scams have become a cross-border issue affecting every region on earth.
The phishing emails tend to be prey on the anxieties of the pandemic, claiming to sell protective masks at discounted prices or pretending to be a well-known institution desperately asking for donations. Over the coming weeks and months, we will be following cybersecurity developments amidst the COVID-19 pandemic. This week, we look at some of the scams already circulating in East and Southeast Asia.
In Japan, several security companies have pointed to an increase in phishing emails that claim to be from the World Health Organization (WHO), luring people to open an attachment that supposedly contains the latest COVID-19 measures or how to access discounted masks. Instead, the attachment contains malware, often Trickbot or Emotet. Similar phishing scams are circulating on the instant messenger Line, which is used by over 60% of Japan’s population.
Online threats have risen by 82.5% in Malaysia. In one scam, two people lost nearly US$10,000 trying to buy 700 boxes of face masks after seeing an advertisement on Facebook. In addition to phishing emails, data breaches and DDoS attacks targeting local businesses have accounted for 18% of reported cases during the lockdown.
“Technical support” scams, in which scammers impersonate technical support staff to steal private information, are not new and are common worldwide. However, Singaporean police have reported a rise in such cases, with nearly US$3.2 million lost within the first quarter of 2020. The police noted some scammers had taken advantage of the COVID-19 pandemic, deceiving victims who are working from home into believing their WiFi has been compromised.
The National Bureau of Investigation Cybercrime Division and the central bank of the Philippines have recorded a 100% rise in scams during their lockdown. Among the scams mentioned are phishing attacks and soliciting of donations for COVID-19. Authorities also arrested a man who forged the signature of President Duterte and sold fake quarantine passes, which are required to go out to buy essential goods.
One unusual scam in India has been the sale of the world’s tallest statue, the Statue of Unity, which stands nearly twice the height of New York City’s Statue of Liberty. Scammers were attempting to sell the figure for US$4 billion, claiming proceeds would go to help the Gujarat state government fight COVID-19. Other scams include free mobile phone packages and Netflix subscriptions. In total, the Ministry of Home Affairs says there has been an 86% rise in cybercrime over March.
Am I at risk?
People well-versed in the internet may believe they are immune to phishing scams. We often send clunky phishing emails to the junk folder ourselves – how could they fool us? Each year these scams are becoming more sophisticated, and it could only take one curiously convincing email for you to fall victim. We can no longer always expect phishing emails to be poorly written or formatted. When reading emails, always remember:
- If you are receiving an email from an organisation that you are already a customer of, they will most likely address you by name, not “user,” “customer,” “client,” etc.;
- Check if the email is sent from a public email domain. Remember, you can set whatever display name you want for an email, so you have to check the email address to confirm authenticity. If you are unsure of the legitimate domain for an organisation, search for the organisation in a search engine;
- Check links in the email without clicking on them. Scammers often rely on subdomains to divert attention from those they are trying to scam, e.g. covid-19.scamwebsite.com. In this case, the scammer hopes you will focus on the first part of the domain and not notice the second part;
- Phishing emails may also use buttons to mask their links. You can hover over buttons to see where they link to without clicking on them;
- You should be vigilant of any attachments, so please verify the authenticity of the email using the measures above if you are sent any attachments from an unknown sender;
- Also, be watchful of emails that are trying to sell you something. Always buy from reputable suppliers;
- Make sure your operating system and any anti-virus software you use are up to date. If you do not, you could be vulnerable to the latest malware circulating online.
If you find a scam, you can report it to your national anti-fraud agency. The Europe Commission also has an anti-fraud office, which you can access here.