Online Exclusive

Coronavirus fraudsters add to the anxiety and misery



The growing pandemic of coronavirus disease 2019 (COVID-19) is a global concern. It threatens to disrupt everything from international travel and supply chains to health care operations and the global economy. The ensuing public alarm has led to runs on grocery stores and shortages on surgical masks, hand sanitizer, soap and toilet paper. Like other natural disasters, the outbreak has also become an opportunity for fraudsters to cash in on public fears.

Disaster fraud has become so common that many U.S. federal agencies were quick to create websites to address coronavirus-related scams, complete with tips and sharable graphics for users to link to on social media. Some of these scams include:

  • Email and text phishing scams disguised as messages from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). These messages have malicious links that download malware, which gives cybercriminals access to victims’ data.
  • Investment pump-and-dump scams where con artists promote penny stocks for companies that claim to have coronavirus treatment products. The stock price soars with the new trades, and then the con artist dumps their shares at a profit, which leaves the stock price to plummet.
  • Third-party seller and buyer scams on legitimate online retail websites like Amazon and Walmart. On the seller side, these scams can include products with fake return policies, fraudulent claims or sales of damaged, expired, counterfeit or unsafe products. On the buyer side, a common scam is the canceled payment. The scammer purchases your products and pays with an app but cancels the payment after the product is shipped and before the transaction clears.
  • Fundraising scams by fake charities solicit donations and purport to be involved in fighting the spread of the coronavirus.
  • Fake websites advertising fraudulent (often dangerous) treatment products or sites designed to infect victims’ computers with malware.
  • Illegal price gouging on safety or treatment products, which several state authorities have reported.

The background

In December 2019, an outbreak of a new strain of coronavirus (SARS-CoV-2) began in Wuhan, Hubei Province, China. As of March 12, the World Health Organization (WHO) reports the outbreak has grown to at least 124,847 confirmed cases in 118 countries, with 4,613 deaths. Several countries, including China, Iran and Italy, have imposed widespread quarantines. On March 9, Italy announced an unprecedented countrywide quarantine for the entire population.

The full-fledged pandemic is disrupting lives around the world. Large gatherings and conferences are being canceled in numerous cities, which is negatively affecting local economies. Quarantines, whether voluntary or involuntary, are becoming the norm. Schools and colleges across the globe are canceling in-person classes and moving to online learning platforms. The U.S. federal government has initiated a 30-day travel ban to and from most of Europe for non-U.S. citizens. The National Basketball Association (NBA) suspended the remainder of its season after a player tested positive for the virus. The NCAA canceled the Division 1 men’s and women’s basketball tournaments and the remaining winter and spring championships.

A ‘pandemic’ of coronavirus fraud

As early as January 2020, cybersecurity leaders like Kaspersky and Mimecast (via Wired) reported several specific email phishing scams related to coronavirus. The emails are designed to appear as though they’re from the CDC or the WHO. The CDC email includes text about an “updated list of new cases around your city” and a malicious link. The resulting page looks exactly like an online Microsoft Outlook interface, requesting an email login and password. The page is fake and only exists to send email logins and passwords to cybercriminals.

The WHO email includes a link to download a list of “safety measures.” The malicious link takes victims to a fake WHO page that requests their email addresses and passwords. After they enter that information, they’re automatically redirected to the actual WHO website, unaware that their email addresses and passwords were recorded for later use for the cybercriminals.

On February 7, the U.S. Securities and Exchange Commission (SEC) issued an Investor Alert, that states, “We have become aware of a number of Internet promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus, and that the stock of these companies will dramatically increase in value as a result. … These claims may be made as part of fraudulent ‘pump-and-dump’ schemes.” The alert states that the SEC issued temporary trading suspensions for common stock for two companies — both suspensions related to concerns about the companies’ coronavirus-treatment claims.

On March 5, tech journal The Next Web (TNW) reported at least 4,000 new coronavirus-themed website domain registrations since January, according to new research from security firm Check Point. Many of these were flagged as malicious and a smaller number were flagged as suspicious. “Many of these domains will probably be used for phishing attempts,” according to Check Point researchers. “An outstanding targeted coronavirus themed phishing campaign was recently spotted targeting Italian organizations, hitting over 10% of all organizations in Italy.”

On March 6, the U.K. National Fraud Intelligence Bureau (NFIB) reported at least 21 confirmed cases of coronavirus-related fraud, with victims losing more than 800,000 pounds ($1 million). Half of these reports were made by victims who tried to purchase large orders of surgical masks from fraudulent merchants. The others included victims of various fake website phishing attacks.

On March 12, cybersecurity journalist Brian Krebs reported that in February, a cybercriminal began selling coronavirus-related malware packages on several Russian cybercrime forums. These “coronavirus infection kits” include codes for a supposed real-time coronavirus infection map developed by Johns Hopkins University. (Here’s the actual map.) Victims open the link because they think they’re accessing the map, but the site infects victims’ computers with malware. As Krebs writes, it’s unclear how many of these packages have been sold, but cybersecurity experts have already discovered fake websites that employ code with the same interactive coronavirus map from Johns Hopkins.

Effective treatments or snake-oil scams?

On March 9, the U.S. Food and Drug Administration (FDA) and the U.S. Federal Trade Commission (FTC) issued joint warning letters to seven companies for “selling fraudulent products with claims to prevent, treat, mitigate, diagnose or cure coronavirus disease 2019 (COVID-19).”

The seven companies listed on the FDA website are: Vital Silver; Quinessence Aromatherapy Ltd.; N-ergetics; GuruNanda, LLC; Vivify Holistic Clinic; Herbal Amy LLC; and The Jim Bakker Show. The Missouri Attorney General’s Office also sued Jim Bakker, and the New York Attorney General’s Office served him with a March 3 cease-and-desist letter over the same claims. Televangelist Bakker was convicted in 1989 on 24 charges of fraud and conspiracy. He spent nearly five years in federal prison.

“There already is a high level of anxiety over the potential spread of coronavirus,” said FTC Chairman Joe Simons. “What we don’t need in this situation are companies preying on consumers by promoting products with fraudulent prevention and treatment claims. These warning letters are just the first step. We’re prepared to take enforcement actions against companies that continue to market this type of scam.”

Multiple online retailers including Amazon, Walmart, Etsy and eBay also have reported issues trying to curb the flow of fraudulent products related to the outbreak. Amazon alone stated it has removed more than 1 million products for price-gouging or fraudulent claims related to coronavirus.

Stay vigilant with more than just your health

Consumers are quickly becoming overwhelmed by fears of the disease and by thoughts of preparing for the possibility of days or weeks quarantined in their homes. As the pandemic grows, fraudsters will continue to capitalize on these fears. Consumers must remain vigilant to protect themselves in an already vulnerable time.

Tips to avoiding coronavirus scams from the FTC include:

  • Don’t click on links from sources you don’t know. They could download viruses onto your computer or device.
  • Watch for emails claiming to be from the Centers for Disease Control and Prevention or experts saying they have information about the virus. For current information about the Coronavirus, visit the CDC and the WHO.
  • Ignore online offers for vaccinations. No vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products are currently available to treat or cure Coronavirus disease 2019 (COVID-19) — online or in stores.
  • Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. Don’t donate cash or gift cards or wiring money.

Jason Zirkle, CFE, is the training director for the ACFE. Contact him at jzirkle@acfe.com.