• Home
  • /
  • Fintech
  • /
  • COVID-19 outbreak gives rise to opportunistic scammers

COVID-19 outbreak gives rise to opportunistic scammers

Sibahle Malinga
By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 19 Mar 2020

The South African Banking Risk Information Centre (Sabric) is warning bank consumers of cyber criminals exploiting the coronavirus (COVID-19) outbreak to spread an array of online scams.

According to the centre, scammers are exploiting people’s concerns and fear for their health and safety in light of the outbreak, falling victim to using social engineering tactics.

New COVID-19-related scams include spoofed e-mails and SMSes offering products such as masks, gloves or fake offerings of vaccines, leading to phishing Web sites.

These e-mails, according to Sabric, come from seemingly realistic and reputable companies, and manipulate people into clicking on links. Some of these Web sites prompt the user for personal information, which ends up in the hands of cyber criminals.

The SMS phishing method, more commonly known as smishing, tricks victims into clicking on a Web link disguised as information on a coronavirus outbreak in their area, in order to steal their credentials.

Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.

“Although some spoofed e-mails can be difficult to identify, we urge bank clients to think twice before clicking on any link, even if an e-mail looks legitimate. Any suspicious e-mails should not be opened and are best deleted,” says Sabric acting CEO Susan Potgieter.

Since the outbreak in the Chinese city of Wuhan in December, 225 254 COVID-19 cases have been reported, with 85 831 recoveries and 9 276 deaths, at the time of publication.

As the pandemic continues to spread across the globe, it is raising anxiety levels and criminals are using “coronamania” to fleece the unwary.

According to the ESET research team, this week Monday registered the biggest COVID-19-themed malware campaign the security firm has registered in ages.

A wave of 2 500 infections of two strains of malware were all delivered in COVID-19-themed fishing e-mails between 10am and 5pm on Monday, it says.

A report by intelligence firm Recorded Future warned of hackers posing as officials from the World Health Organisation (WHO). The hackers reportedly create fake Web sites and e-mail addresses, using logos of the WHO and the health ministries of national governments.

This new criminal practice has become so popular that the UK National Cyber Security Centre this week sent out a security alert warning people of the rise in coronavirus-related e-mail phishing

Meanwhile, SA’s National Treasury has warned suppliers not to fall victim to opportunistic scams exploiting the COVID-19 outbreak.

Criminals have been offering fake tender requests for quotations to unsuspecting companies.

In a statement, the department says: “The current environment of the COVID-19 virus has given rise to opportunistic scammers hoping to make a quick buck from companies who supply goods and services to government. National Treasury wishes to bring these to the attention of suppliers.”

Contracts are facilitated through National Treasury for organs of state to procure common goods and services, said the department.

Sabric urges bank clients to take note of the following tips to protect themselves:

  • Do not click on links or icons in unsolicited e-mails.
  • Never reply to these e-mails. Delete them immediately.
  • Do not believe the content of unsolicited e-mails blindly. If you are concerned about what is being alleged in the e-mail, use your own contact details to contact the sender and confirm.
  • Check that you are on the authentic/real site before entering any personal information.
  • Do not click on links or icons in unsolicited SMSes.
  • Do not reply to these SMSes. Delete them immediately.
  • Regard urgent security alerts, offers or deals as warning signs of a hacking attempt.