The authentic-looking email from the World Health Organization isn’t real at all but rather clever spam meant to steal personal information.
Callers claiming to be Medicaid and Medicare representatives are offering so-called free COVID-19 tests — as long as you pay with a credit card for shipping.
And then there’s the Centers for Disease Control and Prevention asking for donations, except it’s not the CDC, but a fake website.
Corporate security and consumer officials say these recent attempts to exploit the pandemic are just the beginning of a tsunami of fraud.
“Two ingredients of a good scam are fear and confusion, and we have both of those right now,” said Adam Garber, consumer watchdog at U.S. PIRG, a federation of public interest research groups. “So, it’s a playground for people who want to take advantage of others.”
IBM last week discovered a particularly malicious email spam campaign that mimics the World Health Organization. But that’s where it ends. “It is remarkable how threat actors play with the fears and hopes of their potential victims,” IBM’s internal security team said in an alert. “Speaking of prevention drugs and cures in an email that is spoofed to appear directly from the Director of the WHO, in this current situation is expected to be highly successful.”
The company’s alert said victims’ computers are infected and “face the loss of critical personal information. This can have even more damaging consequences once their financial information is stolen and exposed.”
According to an analysis by IBM’s X-Force, a security research team within IBM Security, the number one country where the coronavirus spam emails are coming from is Vietnam. That’s followed by the United States, China, India and Russia.
The spike from Vietnam followed a fake email campaign over the weekend that asked for contributions to a fake WHO bitcoin wallet.
“Criminals don’t care about geographic borders. When you have an established population that’s good with technology, you are going to have technological criminals as well,” said Charles Henderson, global managing partner for IBM who heads X-Force Red, an autonomous team of veteran hackers in the company’s internal security unit. The group discovers vulnerabilities for IBM clients.
Fake tests and products
Henderson has been monitoring coronavirus-related email spam for IBM’s corporate clients, which include health-care facilities. He said victims have paid scammers for a supposed COVID-19 test and then shown up at real hospitals.
“What they are being told was to pay for your test online and go to this health-care provider,” he said.
He predicted that the next wave of scams and spam would target businesses whose employees are largely working from home and potentially more vulnerable.
The FBI last week warned against phishing emails related to charitable contributions, general financial relief, airline refunds and fake cures, testing kits and vaccines.
“Look out for…