18 Mar 2020
When the World Health Organization (WHO) designated COVID-19 a ‘pandemic’ earlier this month, it understandably left out another concern linked to the outbreak: how financial crooks might exploit it. Whether it is this virus or another in the future, the significant attention and panic that comes with such outbreaks can provide unscrupulous individuals with a new means to exploit others.
By definition, “panic” is “a sudden strong feeling of fear that prevents reasonable thought and action,” and this is exactly what can aide criminals—a lack of reasonable thought or action from their victim.
Media reports show all manner of unreasonable action and advice, from panic-buying of toilet rolls to false information being spread that cocaine can cure the virus. Equally bizarre have been reports of inaccurate rumors spread on social media that ‘constant’ sexual intercourse could kill the Coronavirus. With global attention on the outbreak itself, criminals need only be successful with a fraction of their potential victims to take advantage of the unfortunate situation that has unfolded.
Financial Crime Threats
Currently, statistics on criminality related to the outbreak are limited. Aside from criticising the UK’s response to the viral outbreak, Action Fraud disclosed that it had received 21 reports of fraud linked to the virus last month, with victims’ losses totalling over £800,000. Ten of the reports involved the purchase of face masks from fraudulent sellers. One victim paid £15,000 for the (obviously non-existent) face masks, which never arrived.
The Action Fraud information also highlighted a common scheme that involved fraudsters emailing potential victims and pretending to be from organisations working with the WHO and CDC (Centers for Disease Control and Prevention). The fraudsters claimed to be able to provide a list of infected people in the victim’s area. The victims were then asked to click on links to malicious websites in order to obtain the lists and were at times asked to make payments in Bitcoin.
Recorded Future, the cybersecurity and threat intelligence company, released a report that found cybercriminals had been using phishing and malware to target victims in Italy, the United States, Ukraine and particularly Iran. among other nations. The company also noted that “at least three cases where reference to COVID-19 has been leveraged by possible nation-state actors”.
The report concluded that cybercriminals were using branding from known organisations, such as WHO and CDC, in order to convince victims to click on links or open attachments, much as Action Fraud separately described. The findings by Recorded Future also detail that, in line with the increase in the spread of the virus, there was an increase in newly registered domain names related to the Coronavirus as cybercriminals potentially realised the use of the “COVID-19 as a cyberattack vector”.
As the situation evolves, it is likely that criminals will also adapt their methods of targeting COVID-19’s victims. Whilst there is currently no cure for COVID-19 and many unfortunate souls have lost their lives, the simple action of thinking before acting could help fight another kind of outbreak that, while arguably less important though certainly damaging, can impact lives for years to come.
Dev Odedra is an independent anti-money laundering and financial crime expert. He has over a decade of experience in managing financial crime risk in the retail, corporate and investment banking sectors. His expertise covers investigations, advisory and controls implementation and improvement.
This article is expressing personal opinions and is meant for information purposes only. The article does not intend to replace professional or legal advice. It is recommended that readers seek independent professional or legal advice, or speak to authorised persons/organisations.
RiskScreen: Eliminating Financial Crime with Smart Technology
Advance your CPD minutes for this content, by signing up and using the CPD WalletFREE CPD Wallet