Product No. 2020-04-020
HSEC-1 | NTIC SIN No. 2.5, 5.4
April 17, 2020
Federal Partner Guidance

FBI Warns of Advance Fee and BEC Schemes Related to Procurement of PPE and Other Supplies During COVID-19 Pandemic
The Federal Bureau of Investigation provided this industry alert to warn government and health care industry buyers of rapidly emerging fraud trends related to procurement of personal protective equipment (PPE), medical equipment such as ventilators, and other supplies or equipment in short supply during the current COVID-19 pandemic.
The FBI recently became aware of multiple incidents in which state government agencies, attempting to procure such equipment, wire transferred funds to fraudulent brokers and sellers in advance of receiving the items. The brokers and sellers included both domestic and foreign entities. In one case, an individual claimed to represent an entity with which the purchasing agency had an existing business relationship. By the time the purchasing agencies became suspicious of the transactions, much of the funds had been transferred outside the reach of US law enforcement and were unrecoverable.
The current environment, in which demand for PPE and certain medical equipment far outstrips supply, is ripe for fraudulent actors perpetrating advance fee and business email compromise (BEC) schemes, such as those described above. In advance fee schemes related to procurement, a victim pre-pays (partially or in full) a purported seller or a broker for a good or service and then receives little or nothing in return.
BEC schemes often involve the spoofing of a legitimate known email address or use of a nearly identical email address to communicate with a victim to redirect legitimate payments to a bank account controlled by fraudsters. A variation on BEC schemes can involve similar social engineering techniques via phone call.
To read more about risk factors and mitigation recommendations for this current threat, please review the FBI's Press Release here.
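As an added illustration (not part of the FBI alert or this bulletin), the Python example below flags the two BEC patterns described above: a sender domain that is nearly identical to a known vendor's, and an exact known domain whose replies are routed elsewhere. The vendor domains, the sample addresses and the edit-distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list of vendor domains the buyer already pays (assumption).
KNOWN_VENDOR_DOMAINS = {"medsupply-example.com", "acme-ppe.example"}
# Character swaps that look alike in many fonts, collapsed before comparing.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def skeleton(domain):
    """Normalise look-alike characters so 'rnedsupply' compares as 'medsupply'."""
    for fake, real in HOMOGLYPHS:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def assess_sender(from_header, reply_to=None, known=KNOWN_VENDOR_DOMAINS):
    """Return (verdict, domain) for a message that asks for or redirects payment."""
    sender = domain_of(from_header)
    if sender in known:
        reply = domain_of(reply_to) or sender
        # Exact From domain but replies routed elsewhere: typical of spoofing.
        return ("known", sender) if reply == sender else ("reply-to-mismatch", reply)
    for good in sorted(known):
        if skeleton(sender) == skeleton(good) or edit_distance(sender, good) <= 2:
            return ("lookalike", good)
    return ("unknown", sender)

if __name__ == "__main__":
    for frm, rt in [("Accounts <billing@medsupply-example.com>", None),
                    ("billing@rnedsupply-example.com", None),
                    ("billing@medsupply-exmaple.com", None),
                    ("billing@medsupply-example.com", "pay@freemail.example")]:
        print(frm, "->", assess_sender(frm, rt))
```

A message that spoofs the exact From address and sets no Reply-To still returns "known" here, so this check complements, rather than replaces, the message's SPF, DKIM and DMARC results.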

Current and Emerging COVID-19 Cyber Threats
CoViper Malware Exploits Pandemic and Damages Master Boot Record
Researchers at Avast discovered a wiper malware family, CoViper, also known as MBR (Master Boot Record) wiper or MBR locker, that exploits the COVID-19 pandemic. CoViper damages a critical component of the OS start-up known as the MBR, rendering the compromised machine inoperable. CoViper prevents the user from terminating the malware process by disabling the Task Manager. It is currently unknown how the threat actors initially compromise systems with CoViper, only that it masquerades as files related to COVID-19.
The NTIC Cyber Center recommends users keep device operating systems up-to-date and enable two-factor authentication on their accounts, avoid reusing passwords across multiple platforms and avoid opening unexpected correspondence. In addition, we encourage network administrators to scan for and proactively block the indicators of compromise (IoCs) associated with this malware located in Avast's blog post.
Profit-Motivated Criminals Could Exploit IRS Stimulus Payment Page
With the US federal government now processing Economic Impact Payments via direct deposit, the Internal Revenue Service (IRS) created a website to collect bank account information from Americans who do not usually file a tax return. Unfortunately, profit-motivated criminals are actively trying to intercept payments by taking advantage of the website’s relatively relaxed identification requirements, targeting the information of people who have disabilities, who are low-income workers, or who have no access to computers or the Internet. The only information needed to claim these electronic payments is a target’s name, address, date of birth, and Social Security number – information that can easily be found in any number of data breach repositories. Criminals can then supply their own bank account information to receive the payments without further verification.
Phishing Campaigns Masquerade as Correspondence from the White House and Vice President Mike Pence
Researchers from email security firm Inky discovered two phishing campaigns impersonating email correspondence from the White House and Vice President Mike Pence. The first campaign includes the subject line “White House Instruction for Coronavirus” and prompts email recipients to click on an embedded link. Once the link is clicked, the victim will be redirected to a fraudulent White House website and prompted to download a malicious Word document and enable macros, which then installs malware onto the victim’s computer. The second campaign is an extortion attempt, claiming that the targeted company is involved in human trafficking, drug dealing, and money laundering and that Vice President Pence would like to reach a financial agreement before the issue is brought to President Trump. There is no malware connected to this extortion scam.
Malicious Coronavirus-Themed Mobile Applications Discovered
Researchers at Check Point uncovered sixteen malicious applications, found on unofficial app stores, that masquerade as legitimate coronavirus-related services. These applications claim to offer COVID-19 help and information but actually contain mobile malware including Mobile Remote Access Trojans (MRATs), banking Trojans, and premium dialers designed to steal data, control devices, and generate revenue.
COVID-19 Scams in the News
Coronavirus: Travel Scam Warning
Analytic Comment: The UK Credit Industry Fraud Avoidance System (CIFAS) warns against a rise in travel scams targeting canceled travel plans due to the coronavirus pandemic. Threat actors have set up fake websites masquerading as travel companies, tour operators, and insurers offering to refund or rebook cancelled trips. However, these fraudulent companies do nothing more than steal personal information and bank details to use in a later attack or withdraw money from victims’ accounts.
Coronavirus-Themed Phish Continue to Surge
Analytic Comment: Cofense threat intelligence researchers are investigating a surge in coronavirus-themed phishing campaigns as enterprises and government entities mandate remote work. These threat actors make use of emails with subjects such as “work from home” while spoofing common COVID-19 response organizations such as the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), various health and medical organizations, shipping companies, and more. These COVID-19 phishing templates are becoming increasingly sophisticated and could possibly fool even the more tech-savvy recipients.
Cash App Scammers Are Using Coronavirus to Exploit People
Analytic Comment: Scam artists are conducting coronavirus-themed money flipping scams via the mobile payment application Cash App, attempting to lure victims by advertising coronavirus-related financial help and prizes. The perpetrators of these scams will first request a small amount of money as a processing requirement, promising to send the victim a larger amount later. However, the victims never receive the promised amount and may not be able to recover the money they sent to the scammers. To read more about the threat of Peer-to-Peer (P2P) payment scams, please read our blog post titled Securing Our Communities: Peer-to-Peer Payment Scams.
Scammers Are Setting Up GoFundMe Accounts for Fake Coronavirus Victims
Analytic Comment: Scammers are setting up fraudulent fundraising campaigns while masquerading as coronavirus victims or their relatives to elicit funds from charitable victims. Scammers are leveraging social media and crowdfunding websites to receive donations for medical expenses and funeral services, often duplicating profile pages of legitimate pandemic victims and soliciting their existing contacts for financial assistance. During this and other disasters, it is important to verify all charities and donation websites prior to submitting any personal or financial information. To read more about the threat of disaster scams and for additional mitigation strategies, please read our blog post titled Securing Our Communities: Disaster Scams.
US Consumers Report $12M in COVID-19 Scam Losses Since January
Analytic Comment: The US Federal Trade Commission (FTC) reports that consumers have lost over $12 million to COVID-19-related scams and that it has received more than 16,000 related scam reports since January 2020. According to the FTC, these scams appear to have impacted those areas most affected by the pandemic, including California, New York, Texas, and Florida. Scammers targeted victims via email, phone calls, and social media platforms in an effort to obtain their personal and financial information. Historically, profit-motivated criminals have sought to exploit personal hardships and widespread disasters for their own financial gain. The most effective method of countering these types of scams is through large-scale education campaigns and unified messaging to help consumers recognize the common tactics that are used to exploit them.