Cybersecurity firm documents record-breaking scam activity during pandemic
Bolster documented a massive spike in both phishing and website scams, detecting 854,441 confirmed phishing and counterfeit websites, 30% of which were COVID-19 related, in addition to another four million suspicious pages.
ABC News – As the coronavirus pandemic has spread around the world, cybersecurity experts are tracking “record-breaking” levels of cybercriminal activity, according to a new report released by the cybersecurity firm Bolster on Wednesday.
In the first quarter of 2020, Bolster documented a massive spike in both phishing and website scams, detecting 854,441 confirmed phishing and counterfeit websites, 30% of which were COVID-19 related, in addition to another four million suspicious pages.
Many of the COVID-19 scams – whether they are emails or websites offering fake coronavirus cures or bogus stimulus checks – share a common denominator, according to Shashi Prakash, Chief Scientist of Bolster.
“We’re seeing the scammers morphing their techniques with different kinds of scams to target people,” Prakash told ABC News.
The flood of scams has spurred law enforcement to take action. The Justice Department announced on April 22 they had disrupted “hundreds” of online COVID-19 scams after a cooperative effort between local law enforcement and private-sector companies based on more than 3,600 complaints sent to the FBI’s Internet Criminal Complaint Center (IC3) since the start of the crisis.
Some of these scams weaponize misinformation. Despite the Food and Drug Administration’s warning that hydroxychloroquine is considered neither safe nor effective for treating COVID-19, Bolster counted 1,092 websites hawking hydroxychloroquine as a cure in March alone. These sites might sell real but possibly dangerous medication, phish for sensitive information, or just spread false information.
Other online scams prey on economic insecurity. In response to the current economic downturn, the Treasury Department sent out stimulus checks to Americans to provide economic relief as part of a $2 trillion stimulus package signed into law on March 27. Meanwhile, according to Bolster, scammers registered over 145,000 suspicious domains with the term “stimulus check.” And from February to March, Bolster found a 130% increase in websites claiming to offer small business loans.
The FBI announced last month that it had “identified a number of look-alike IRS stimulus payment domains.” To prevent further use of these domains, the FBI alerted numerous domain registries to their existence.
“The people who are creating these sites,” Prakash said, “they can keep changing their techniques and tactics and that’s not going to stop until we actually find them and stop them.”
To maintain security online, experts recommend using a combination of strong passwords, two-factor authentication, and up-to-date virus protection software. They also recommend being particularly cautious by verifying if a site or email is legitimate and only going to official sources or authorities for information.
Burley warned that as states start to reopen – putting a host of new challenges in front of consumers – corresponding criminal activity will emerge.
“Anything that becomes of great need, whether it’s a product need or informational need,” Burley said, “we can bet that criminals will see that as well and that they’ll try to take advantage of it.”