The worldwide fear and uncertainty surrounding the novel coronavirus isn’t just being leveraged in malware and phishing attacks; it has also enabled the spread of misinformation, fake cures and a variety of scams.
Last week, we reported on the rise in malware and phishing attacks using the COVID-19 virus, which continues to dominate headlines worldwide. As it remains top of mind, it’s no surprise that COVID-19 has become a hotbed for misinformation, scams and fake cures.
If you're selling fake cures for coronavirus, installing malware in apps designed for people to track the spread of the virus or posing as the CDC or WHO in phishing emails, the DOJ is coming after you. AG Barr directed all U.S. attorneys today to prioritize these prosecutions. — Mike Balsamo (@MikeBalsamo1) March 16, 2020
It’s become so problematic that the Attorney General of the United States has instructed the Department of Justice to prioritize prosecuting those responsible for distributing fake cures, malware and phishing attacks and other scams leveraging the coronavirus pandemic.
Cash App scammers leverage COVID-19
In October 2019, I wrote a blog series about opportunistic scammers targeting legitimate giveaways from Cash App, the popular person-to-person (P2P) payment application. In the months since, the scammers’ activities have continued, but with all the attention surrounding COVID-19, the Cash App scammers have started leveraging it as well.
Some Cash App scammers are simply adding the #coronavirus hashtag to their tweets in order to ride the hashtag.
In another instance, a Cash App scammer referenced the impact of the “Corona Virus” and how it is “cancelling” everything except “are (sic) bills.” They then propose their offer: $2,000 to the first 300 people to retweet their tweet, allegedly offering a grand total of $600,000 in a giveaway. This tweet also references another P2P application, Apple Pay. They reference it because not everyone uses Cash App, but there are a lot of Apple iPhone users. The tweet also includes the hashtags “#CoronavirusOutbreak” and “#CoronaVirusUpdate” instead of anything Cash App related.
Finally, another Cash App scammer uses both the “#COVID19” and “#CoronavirusOutbreak” hashtags along with a “#CashappMonday” hashtag. The tweet implies that because of the virus, they’re sending money to users. In this case, the first 500 people could receive anywhere from $300 to $1500. This tweet struck a chord with users on Twitter, receiving over 675 retweets and 963 likes at the time I observed it.
All three scenarios center around money flipping. The Cash App scammers claim they can flip transactions, turning a small denomination of $10 into $100, for example. They claim they can modify the transactions after the fact through the P2P application, whether it be Cash App, PayPal, Zelle, Venmo or Apple Pay. All they ask is that the recipient share the initial cut with them in exchange for this so-called service. As you might expect, the victims won’t receive anything in return. They’ll be left high and dry after parting ways with their money.
Misinformation around COVID-19 is a growing problem
Social media provides a valuable avenue for real-time information on current events, such as the situation surrounding COVID-19. At the same time, it enables the dissemination of misinformation.
The FBI & @LASDHQ seek info regarding the party responsible for posting a false document online suggesting coronavirus is present in #Carson, CA. @lapublichealth has declared document to be fake. Have info? Please contact the FBI at 3104776565 or LASD at https://t.co/tISMu6J02C pic.twitter.com/gw7XCuOBgU — FBI Los Angeles (@FBILosAngeles) February 10, 2020
In late January, a fake document began circulating that falsely claimed cases of COVID-19 were detected in the city of Carson, California. This document contained official logos of the World Health Organization (WHO), U.S. Centers for Disease Control and Prevention (CDC) and Los Angeles County Department of Public Health. The Los Angeles Police Department tweeted on February 10 that they were “seeking information” on the party responsible for spreading this misinformation.
Rumors of a nationwide quarantine in the United States
One of the biggest pieces of misinformation circulating through text and social media is a set of screenshots of text messages claiming that the United States will be instituting a nationwide shutdown or quarantine for an extended period of time. These text messages claim that the original author spoke to a relative or someone who had connections to someone “really high up in the government” or the CDC, as a way of legitimizing their claims.
While the premise varies, the intention is the same – spread misinformation about the possibility of a nationwide quarantine.
To set the record straight, the U.S. National Security Council (NSC) tweeted that these text message rumors were fake. “There is no national lockdown,” the NSC said.
Offers of fake COVID-19 test kits
In Toronto, Canada, there are reports that scammers have begun knocking on doors, claiming to offer COVID-19 test kits. This report was identified and debunked in a tweet from Toronto’s fire chief, Matthew Pegg.
We have reports of scammers going door to door (and now apparently online) in Toronto selling “COVID-19 test kits”. This is a total scam. For accurate info, go to https://t.co/TrjscAlgBM @cityoftoronto @TOPublicHealth @epdevilla @bradrossTO — Matthew Pegg (@ChiefPeggTFS) March 17, 2020
Fake messages from government agencies
The Australian Cyber Security Centre reports that Australians should keep an eye out for scam texts alleged to be from the Australian government, offering advice on “symptoms and when to get tested” along with a link to a website, http://covid19-info[.]online.
In our previous blog post about COVID-19, we referenced a report from Check Point Research that found that since January, 4,000 domain names including the word “coronavirus” had been registered. The example above shows that, beyond “coronavirus,” scammers are also registering domains containing “COVID19.” Domain names containing terms like “coronavirus” and “COVID19” are used to present false legitimacy when shared in malicious emails, text messages or social media posts: users who receive them might be more inclined to trust them because of these keywords. We expect more domains using these terms to be registered, along with more fake websites being published, as scammers and cybercriminals continue to take advantage of the pandemic.
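A defender-side triage of the pattern described above, as an added example that is not part of the original post: it refangs URLs found in reported messages, extracts the hostname and flags hosts that carry one of the lure terms but are not under a trusted domain. The lure terms and the first defanged URL come from the text; the trusted-suffix list, the function names and the other sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

LURE_TERMS = ("coronavirus", "covid19")     # keywords named in the text above
TRUSTED_SUFFIXES = ("who.int", "cdc.gov")   # assumption: maintain your own list

# Constructed sample messages; only the first URL appears in the post.
SAMPLES = [
    "Advice on symptoms and when to get tested: http://covid19-info[.]online.",
    "Official guidance: https://www.cdc.gov/coronavirus/index.html",
    "Latest update: hxxps://cdc.gov.covid-19-help[.]example/now",
]

def refang(text):
    """Undo common defanging (hxxp, [.]) so reported indicators parse as URLs."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    return text.replace("[.]", ".").replace("(.)", ".")

def extract_hosts(message):
    """Return the lowercase hostname of every http(s) URL in a message."""
    hosts = []
    for url in re.findall(r"https?://[^\s\"'<>]+", refang(message), flags=re.I):
        host = urlsplit(url.rstrip(".,;:!?)")).hostname
        if host:
            hosts.append(host)
    return hosts

def is_trusted(host):
    """Match whole domain labels, so 'cdc.gov.evil.example' is not trusted."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def lure_terms_in(host):
    """Drop separators first so 'covid-19' and 'covid_19' match 'covid19'."""
    squashed = re.sub(r"[^a-z0-9]", "", host)
    return [term for term in LURE_TERMS if term in squashed]

def flag_lure_hosts(message):
    """List (host, matched terms) for untrusted hosts that carry a lure term."""
    flagged = []
    for host in extract_hosts(message):
        terms = lure_terms_in(host)
        if terms and not is_trusted(host):
            flagged.append((host, terms))
    return flagged

if __name__ == "__main__":
    for sample in SAMPLES:
        print(flag_lure_hosts(sample))
```

A keyword hit is a triage signal rather than a verdict, since legitimate health sites also use these terms; the suffix check on whole labels is what keeps a trusted name placed at the front of an unrelated domain from passing.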
Unsolicited phone call scams
In Alberta, Canada, there are reports that Canadian residents are receiving unsolicited phone calls, claiming they have tested positive for COVID-19, followed by a request for credit card information.
In a tweet, Alberta Health Services debunked the claim, saying they would never ask for credit card information.
AHS will never call & ask for credit card information. Please hang up immediately and report by calling the non-emergency line for local law enforcement. — Alberta Health Services (@AHS_media) March 17, 2020
In Alameda County, California, the sheriff’s office was notified by a victim who received a phone call from a scammer claiming that a loved one had been diagnosed with COVID-19 and was in an accident on their way to a hospital. The scammer said this loved one was arrested and needed to be bailed out to the tune of $13,000. The scammer would “send a friend” to collect the bail money.
Coronavirus Scam: We had our first scam where victim received a phone call saying loved one had Covid-19 and was in accident on way to hospital. The loved one was arrested for accident and needed $13k bail. Suspect said they would send friend to pick up money. Be aware! — Alameda County Sheriff (@ACSOSheriffs) March 13, 2020
In Daly City, California, the police department says it is aware of scams where people are claiming to be from the CDC. These scams claim to offer reservations for a COVID-19 vaccine and require “a credit card and/or social security number.” The Daly City Police Department debunked these claims, saying there is no such “vaccine reserve program.”
New scam: People are claiming to be from the CDC offering to let people "reserve a vaccine for the COVID-19" with a credit card and/or social security number. There is no vaccine reserve program, and the CDC is not offering anything of the sort. Do not fall prey! — Daly City Police (@DalyCityPD) March 17, 2020
Fake offers of emergency money for essentials
With talk of an economic stimulus along with checks being sent to U.S. citizens to provide a boost during the COVID-19 pandemic, scammers have seized on this narrative.
A Twitter user named Austin tweeted an image of a text message claiming to offer “emergency money for groceries.”
The fact that some people are trying to capitalize on COVID-19 and use it as a way to scam others just shows how evil and heartless humans are, and it’s heartbreaking. pic.twitter.com/aV1KbiULdo — Austin (@Austin__13) March 17, 2020
Users who click the link in the text message are redirected to a website that claims to offer cash from as low as $1,000 to as much as $5,000.
Further information on the website reveals that it’s designed to put the visitors in touch with lenders to secure a loan. The scammers are likely referring users to this lender website to earn a referral bonus.
Work from home/job opportunity scams
The impact of COVID-19 has created challenges for those seeking work, while also adding uncertainty around existing work and the possibility of lost wages. With the WHO and CDC strongly encouraging social distancing, finding work has become more difficult. As a result, this has become another area ripe for scammers, as they use COVID-19 to peddle job opportunity scams.
Brian Krebs recently reported that COVID-19 “widens the money mule pool” for scammers. A money mule is a person who transfers illegal money on behalf of criminals and keeps a commission fee for their efforts.
Krebs reports that a fraudulent website called Vasty Health Care Foundation, a fake Canadian foundation, copied most of its content from globalgiving.org. According to GlobalGiving’s chief product officer, Kevin Conroy, these fake job offers appear to be originating from job search websites like Indeed.com and Monster.com. While this report was focused on the fraudulent Canadian foundation, Krebs also learned that similar tactics are being employed to target Americans, according to Alex Holden, founder of Hold Security.
A Twitter user shared a post reportedly from the El Camino Police Department stating that students at El Camino College in Torrance, California, are being targeted by job opportunity scams “under the guise of working at home due to the COVID-19 outbreak.”
Fake cures and misinformation circulate on WhatsApp
Another major area of concern surrounding the fear and uncertainty of COVID-19 is the spread of fake cures and other false information through popular messaging applications like WhatsApp.
A lot of fake cures have been circulating through WhatsApp messages throughout India. An example of such a fake cure claims that a bowl of freshly boiled garlic water has proven to be effective.
Another viral WhatsApp message provides a so-called breathing exercise to help determine whether or not one has COVID-19. It also suggests taking “a few sips of water every 15 mins at least” because drinking liquids will “WASH them down through your oesophagus (sic) and into the stomach,” claiming that stomach acid will “kill all the virus.” These false claims have been debunked.
These are just some of the myriad of fake cures circulating on WhatsApp, from drinking lots of hot water, eating more ginger or increasing one's intake of vitamin C to more elaborate solutions.
Another WhatsApp message claims that placing cloves, cardamom, camphor and mace in a cloth and keeping it in one's pocket at all times is a remedy that will prevent “not just coronavirus, but no other virus will be able to harm you.”
A fake message claiming to be from the United Nations Children's Fund (UNICEF) mentions that avoiding ice cream and cold foods can protect against the virus. This message was debunked by UNICEF in a statement on their website from their deputy executive director for partnerships, Charlotte Petri Gornitzka.
Politico recently reported an audio recording was gaining traction through WhatsApp. The message claimed the Medical University in Vienna found patients who experienced the most severe symptoms from COVID-19 had been taking ibuprofen, a commonly used painkiller. This message was soon debunked by Johannes Angerer, spokesperson for the university. However, there are valid questions surrounding how ibuprofen affects COVID-19 patients, which are being looked into by the WHO.
Italy, which has been hit hard by COVID-19, has also seen an uptick in misinformation and fake cures being spread through WhatsApp, according to the BBC.
Fighting back against coronavirus scams and misinformation
As countries around the world fight back against COVID-19, the fear and uncertainty provide an excellent hook for scammers and peddlers of misinformation. We expect these will persist for quite some time.
The WHO has published information on the basic protective measures for the general public to combat the COVID-19 virus. The recommendations include:
- Wash your hands frequently
- Maintain social distancing
- Avoid touching eyes, nose and mouth
- Practice respiratory hygiene
- Seek medical care if symptoms (fever, cough, difficulty breathing) are present
Steps to take to help thwart misinformation, fake cures and scams around COVID-19
As we all work on our personal hygiene and practice social distancing, we can also play our part to help prevent the spread of misinformation and fight back against scammers.
- Seek out information from trusted sources. WHO, CDC and other local health organizations are the most trustworthy places to get your information about COVID-19. Additionally, trusted news sources can also be a great place to gather information.
- Be skeptical of phone calls and text messages around COVID-19. Scammers are counting on the fear and uncertainty around this virus to help fuel their efforts to steal money and sensitive information from unsuspecting individuals. Unsolicited phone calls and messages that you didn’t opt in to are more than likely scams, so chances are you should simply ignore the messages.
- Recognize that work-from-home job opportunities are most likely scams. If you come across a job opportunity that claims you can earn lots of money by working from home, it’s likely fraudulent, especially if they ask you to transfer money and keep a cut for yourself. There’s no such thing as easy money.
- Consult your medical professional to get care. Offers to provide you with a test kit via door-to-door salesmen or over the phone are fake. If you have questions about your symptoms and are seeking advice about getting tested, contact your primary care physician. If your symptoms are severe, call your local emergency services.
- Avoid forwarding messages on WhatsApp or other social media about so-called cures or news related to COVID-19. The cures being shared around WhatsApp aren’t rooted in any science and should not be a replacement for the recommendations outlined above from WHO. Forwarding these messages helps disseminate misinformation. Be skeptical of news that’s also being shared across these platforms. Be sure to verify the news being shared with you to ensure it hasn’t been fabricated.
- Remember that on social media and text messages, free money isn’t free. Even with discussions about providing economic relief in the U.S., elaborate offers for money aren’t free. Scammers will ask you to provide some money upfront before they “flip” it into a larger denomination, but you won’t receive anything in return. Scammers will also try to direct you to websites to fill out surveys and/or install mobile applications, with the promise of earning some money in return. These are just ways to turn you into a cog in the wheel for the scammers to steal money from you.
This is just the beginning, not only for COVID-19, but for scams leveraging it. We fully expect these scams will continue to grow and change accordingly as new information is made available publicly. While we’ve tried to capture some common themes we’ve identified in misinformation and scams surrounding COVID-19, know there are many that we’ve not yet observed or contemplated. The best way to deal with this fact is to remain skeptical.