
4/23/2020
05:30 PM

Why Consumers, SMBs Are Likely to Fall for Coronavirus Scams

Data reveals both a lack of skepticism and a willingness to engage with emails crafted to seem like government communications.

Consumers' and small-business owners' expectations and attitudes toward government communications could make them more susceptible to coronavirus-related cybercrime, new data shows. An overall lack of skepticism combined with a willingness to engage may increase their risk.

It's no secret fraudsters are shifting their strategies to exploit fears related to COVID-19. Since the World Health Organization (WHO) declared a pandemic on March 11, IBM X-Force has seen an increase of more than 6,000% in COVID-19-related spam. Phishing lures aim to manipulate people with impersonations of the Small Business Administration, WHO, and US banks offering relief funds. The FBI's IC3 has also published an advisory warning people of a rise in online extortion scams.

To learn the effectiveness of these scams, IBM Security and Morning Consult polled 2,333 small-business owners and members of the general population in early April. Their "2020 Consumer & Small Business COVID-19 Awareness Study" revealed many people lack an understanding of the ways government officials communicate with the public, as well as resources available to them.

Despite years of warnings from the IRS, law enforcement, and the security community stating the IRS will never email individuals about tax filings, 35% of respondents said this is how they expect to receive IRS communications. One-third expect the same for WHO communications. Overall, 46% expect official information related to COVID-19 to arrive via email. More than half (57%) of small-business owners also expect official virus-related information to arrive via email. 

"The one big takeaway from this survey for me is the lack of skepticism and willingness of consumers and small-business owners to engage with emails and the misunderstanding of how they would receive communications," says IBM X-Force threat researcher Ashkan Vila.

The threats are similar for small businesses and consumers alike, Vila explains. Attackers are after credentials and sensitive data, and coronavirus fears make it easy for them to persuade victims with urgency and promises of money. They no longer need to be creative to succeed.

"Before the COVID-19 pandemic, we were seeing spam campaigns that didn't have much of a theme or focus and trying to lure as many people as possible," Vila says. "Now the pandemic has opened up a larger opportunity for cybercriminals to capitalize on people's fears and uncertainty and their desire for information on COVID-19 as things are rapidly changing."

Stimulus checks, which have recently begun to roll out to Americans, are a powerful lure. More than half (52%) of IBM Security's respondents said they would click on links or open attachments related to their stimulus check eligibility. The number is higher among the millions of people now unemployed: Nearly two-thirds (64%) of adults who recently lost their jobs would be most likely to engage with an email related to stimulus relief. IBM X-Force has identified several spam campaigns offering financial relief through stimulus payments, as well as notifications of money transfers.

Emails often include realistic logos and spoofed websites. One mimics an American Express email and offers $2,400 in stimulus relief but requires authentication to claim it. Another spoofs Wells Fargo and offers victims a payment from another customer if they verify their accounts.

The rise in coronavirus-related fraud is worrisome, as data indicates people are likely to fall for it. Nearly two-thirds (65%) of individuals said they feel "very" or "somewhat" comfortable sharing personal information with healthcare services; 64% said the same for banking and insurance firms. Nearly 60% said they feel comfortable sharing data with federal government agencies. These numbers were about the same for small-business owners, IBM researchers report.

Some spam campaigns impersonate the SBA and promise government relief funds to small businesses, nearly 40% of which believe they have been targeted with COVID-19 spam emails. Uncertainty surrounding the availability of small-business loans creates new opportunities for attackers. More than 40% of SMBs said they are unfamiliar with the government's small-business loan program, and more than 60% said they would engage with an email about stimulus relief. For both groups, COVID-19 testing was the next most popular lure they were likely to interact with.

As more people rely on their smartphones for email, the likelihood that they'll fall for these attacks rises, Vila points out. It's tougher to detect spam on your phone because it takes more steps to view email address details, and you can't hover over links to see where they lead.

"The pandemic has filled people with fear and uncertainty on the situation, also making people more susceptible to fall for these threats," he says.

Not the Only Ones At Risk
Consumers and small businesses aren't the only populations seeing an uptick in COVID-19-related cybercrime. Google's Threat Analysis Group (TAG) has identified more than a dozen government-backed attack groups using COVID-19 as bait in phishing and malware campaigns.

One campaign targeted personal accounts of US government employees, using American fast-food franchises as phishing lures. Some promised free meals and coupons in response to the pandemic, while others prompted victims to access websites disguised as online ordering platforms. Those who accessed the websites were asked for their Google account credentials. Most of these emails were sent to spam, Google points out, and users were warned of the threat. 

National and international health organizations, as well as the people who work there, are also prime targets. Attackers are capitalizing on these to trick people into downloading malware. Google says it is not seeing an increase in phishing attacks by these government-backed groups – in fact, March brought slightly lower attack numbers – but it is seeing a shift in strategy.


Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...