Cyberfraud Soars During Pandemic: ‘New Wine in Old Bottles’
“Current academic research and industry reports have shown that fraudsters have put old wines into new bottles to defraud targeted victims by abusing the COVID-19 context,” said the authors, Katelyn Wan Fei Ma of York University; and Tammy McKinnon of Queen’s University, both in the Canadian province of Ontario.
The paper, which has not yet been peer-reviewed, argued that as COVID-19 forces people to work, shop and interact with friends and loved ones online, cybercriminals are finding many more opportunities to exploit all these online service users.
“As the public moves from in-person to online activities, the likelihood of cybercrime victimization also increases, which may result in a disruption of services, financial loss, data breaches, and individual and institutional anxieties,” the authors wrote.
“Many people have experienced emotional turbulence of various degrees during the pandemic, including but not limited to trauma and post-traumatic stress, depression, loneliness, generalized anxiety, insomnia, and suicidality,” said the study.
According to research cited in the paper, 30 percent of cyberfraud incidents involve cybercriminals targeting victims using relief as an emotional appeal, while 22 percent of cyberfraud events are associated with fear.
To fuel fears, cybercriminals may circulate news about COVID-19 local outbreaks, or use intimidating virus-related images to make victims feel vulnerable and concerned.
Various financial relief programs like the Paycheck Protection Program (PPP) are ripe targets for cybercriminals. They can exploit governmental relief programs through offering help to qualified applicants in filling out financial relief program applications and consequently stealing victims’ identities.
Another route is using victims’ compromised identity information to file fraudulent financial relief program support, while the victim is either not qualified to receive such benefits or unaware of the application at all.
Fraudsters can also pretend to be contact tracers, and may ask for targeted victims’ bank account information or credit card numbers. Sometimes they may also ask for social security or social insurance numbers for the purposes of identity theft, or ask for money transfers, gift cards, or cryptocurrency for immediate financial gain.
Some contact tracer scammers may even intimidate victims by threatening their immigration status or instruct them to download malware by clicking suspicious emails or text messages.
COVID ‘Romance’ Scams
“Romance fraud” is anything but new. Yet as COVID-19 lockdowns continue, “cyber criminals can more easily exploit people’s loneliness and need for attention and love for their own financial gain,” the study said.
A fraudulent company quickly offers the victim a job without going through a formal hiring process. The perpetrator may make the victim pay an advance fee for “training” or make them buy expensive equipment and supplies to work from home.
The victim may be “accidentally” overpaid through a fraudulent check and then will be asked to deposit the check to wire back the difference. Some victims may even be asked to purchase cryptocurrency as a part of their job, using money that may be stolen.
“As unemployment rates in many sectors spike during the pandemic, people are more vulnerable to online employment scams and can be easily manipulated and abused by cyber criminals,” say the study authors.
The complete paper is available here.