Coronavirus Victims of a Different Nature: the Targets of COVID-19 Cyberthreats


By Dr Leslie F Sikos, Edith Cowan University, Australia

The novel coronavirus disease (COVID-19) outbreak, declared by WHO as a global pandemic on 11 March 2020, resulted in panic, uncertainty, and fear, which are exploited by threat actors for phishing and data exfiltration, and malware distribution. In addition, the massive increase of remote workers, many of whom apply poor security measures on their computing devices, opened new avenues for exploitation. Opportunistic fraudsters distribute misinformation and fake safety advice, often with malware, request personal data for providing allegedly up-to-date information on COVID-19, or try to convince people to perform financial transactions, in particular through purchasing bogus products (fake cures). For example, a purported COVID-19 alert, seemingly sent by the WHO, is actually a spam that distributes a new variant of the HawkEye keylogging malware.

As INTERPOL warned about financial fraud linked to COVID-19, “criminals are exploiting the fear and uncertainty created by COVID-19 to prey on innocent citizens who are only looking to protect their health and that of their loved ones”. The list of cyberthreat types associated with coronavirus includes a wide range of fake products and scams, from bogus Starbucks gift cards to vacation scams, and from bogus property rentals to mobile apps, such as CovidLock, which seemingly serves the purpose of tracking the spreading of the coronavirus, but is actually an Android ransomware. ZDNET reported that thousands of COVID-19 scam and malware sites have been created. This is already evidenced by legal actions, such as the restraining order of the US Federal Court against a website offering fraudulent coronavirus vaccine, however, many of such websites are live and their number is still on the rise.

In Australia, Scamwatch of the Australian Competition and Consumer Commission (ACCC) received reports of COVID-19-themed scam texts sent to members of the public. Telstra warned people about fake SMS messages sent on COVID-19 testing, and reported scammers providing fake phone support by pretending to be a staff member of Telstra, NBN, or Microsoft. 9News reported flight cancellation scams, while Moneysmart of the Australian Government warns about superannuation scams. In New Zealand, the Financial Markets Authority (FMA) reported investment scams related to goods in great demand, such as sanitary products. Fake coronavirus maps are emerging, along with text message scams and phishing emails claiming to have updated COVID-19 information.

In China, online scammers taking advantage of the community fears created a shortage of face masks, while a social engineering attack has been impersonating the Mongolian Ministry of Foreign Affairs in the form of press briefings. In Hong Kong, the police force issued a scam alert due to phone scammers posing as government officials telling “anomalies” in their health, only to try them divulge their bank details. In South Africa, a scam appeared about the Reserve Bank allegedly collecting “contaminated” banknotes and coins. In Europe, rogue traders started advertising and selling products, such as hand sanitisers to consumers, putting the European Commission on high alert. In the US, government-issued relief fund (stimulus package) emails have been circulated, asking for personal information, and scammers try to trick people into reserving a COVID-19 vaccine over the phone. Other types of cyberthreats include fake fundraising and scammers impersonating the WHO for donations, and COVID-19 testing kit scams. According to YouMail, Americans receive 1M+ robocalls daily, some of which offer non-existing at-home coronavirus testing products. In Canada, scam sites selling cleaning products to “super-clean your house or office” appeared along with, according to the Canadian Anti-Fraud Centre, “special” air filters to protect from COVID-19; fake lists of COVID-19-infected people in the vicinity, seemingly from the Centers for Disease Control and Prevention; and fraudsters posing as agents of the Public Health Agency of Canada, tricking victims into confirming health card and credit card numbers for a prescription.

These are just some of the examples of cyberthreats related to COVID-19, the variety of which makes it necessary to be sceptical and vigilant, and never click on suspicious links or open suspicious attachments. Having security protection (antivirus, firewall, frequent updates, multi-factor authentication, regular backups, using company VPN, etc.) for our computing devices is fundamental, but this has to be complemented by user awareness. As a general advice, look carefully to spot signs of scam including, but not limited to, wrong addresses, misspelled domains, and misleading URL names. Even if an email appears to be sent by a legitimate organisation, such as the government or the WHO, keep in mind that logos and branding can be faked, and email headers spoofed (e.g., appears to be sent from Requesting a payment related to COVID-19 via Bitcoin is always a red flag. Missing the appropriate license required for providing a financial service, whether banking, superannuation, or investment, can indicate fraud, which can be prevented by looking up the relevant government website, such as the ASIC website, and search for the company in question. Taking tough security measures to fight cybercrime related to the novel coronavirus pandemic is particularly important, considering its global presence and potential impact, and the exponentially increased number of people working from home in these hard times.

About the Author

Dr Leslie F Sikos, Edith Cowan University, Australia

Leslie F Sikos, PhD, is a computer scientist specialising in network forensics and cybersecurity applications powered by artificial intelligence and data science. He has industry experience in datacentre and cloud infrastructures, cyberthreat prevention and mitigation, and firewall management. He regularly contributes to cybersecurity research projects, and collaborates with the Defence Science and Technology Group of the Australian Government, CSIRO’s Data61, and the Cybersecurity Collaborative Research Centre. He is a reviewer of academic journals, such as Computers & Security and Crime Science, and chairs sessions at international conferences, and regularly edits books, on AI in cybersecurity. Dr Sikos holds professional certificates, and is a member of the IEEE Computer Society Technical Committee on Security and Privacy, and a founding member of the IEEE Special Interest Group on Big Data for Cybersecurity and Privacy.