While necessary to protect public health, the move of millions of workers around the globe into the virtual space has led to unprecedented opportunities for scammers looking to profit from fears, uncertainties and misinformation, explained Colin Couchman, Director (Cyber Security and Business Services) at Western Technology Services (WTS).
Editor’s note: Visit the official WesternCOVID-19 website for the latest campus updates.
* * *
Scammers are not ‘social distancing’ when it comes to the COVID-19 pandemic.
Around the globe, organizations have shifted to online technologies to help them through a variety of circumstances. Last week, Western not only moved classes online, but shifted much of its workforce to working from home.
While answering the calls of government and health officials, these unprecedented moves have brought unprecedented opportunity for those looking to profit from fears, uncertainties and misinformation, explained Colin Couchman, Director (Cyber Security and Business Services) at Western Technology Services (WTS).
“Malicious cyber-actors are very quick to take advantage of high-profile events, particularly those that cause worry and concern,” he said. “With the COVID-19 pandemic, we are already dealing with an anxious public.”
Most threats come in the form of increased volume and sophistication of phishing (spam) emails, where the attacker will reference the COVID-19 pandemic by impersonating a health agency, charity or other officials.
One of the top scams currently circulating in Canada involves a text message from someone claiming to be from the Canadian Red Cross offering free facemasks, the Canadian Anti-Fraud Centre reported. The Canadian Red Cross has confirmed they’re not sending out text messages or emails of this nature.
Other phishing scams include emails claiming to be from the World Health Organization (WHO) or Public Health Agency of Canada linking to COVID-19 virus updates. Both organizations are not sending emails to individuals and ask the public to go directly to their sites for updated information.
“The emails may appear to come from a legitimate source, but may contain malicious attachments or links,” Couchman said.
With a goal to obtain personal/organizational credentials or financial information, attackers may be after credentials for the purposes of implanting viruses that would be devastating to an organization, such as ransomware.
Couchman continued, “As organizations are momentarily distracted in providing services to constituents, these actors will seek to achieve success through disruption, exploitation or theft.”
The Canadian Anti-Fraud Centre offices are currently operating at a reduced capacity, and ask if you have been a victim of fraud to contact local police. Otherwise, you can file your report online through their Fraud Reporting System.
In just the first two months of 2020, there have been more than 7,800 fraud cases reported in Canada totalling $9.2 million in losses.
Phishing attempts and scams already reported to the Canadian Anti-Fraud Centre have included fraudsters posing as:
- Cleaning or heating companies offering duct-cleaning services or air filters to protect from COVID-19.
- Local and provincial hydro/electrical power companiesthreatening to disconnect your power for non-payment.
- Centers for Disease Control and Prevention (CDC) or WHO officials offering lists of COVID-19 infected people in your neighbourhood.
- Public Health Agency of Canada saying you have tested positive for COVID-19, and tricking you into confirming your health card and credit card numbers for a prescription.
- Government departmentssending out coronavirus-themed phishing emails, tricking you into opening attachments to reveal sensitive personal and financial details.
- Financial advisors pressuring people to invest in hot new stocks related to the disease and offering financial aid and/or loans to help you get through the shut downs.
- Door-to-door sales people offering household decontamination services.
- Private companiesoffering fast COVID-19 tests for sale. Only hospitals can perform the tests.
“It is important to note the malicious actors will try a number of things over the coming weeks, some blatant and others more subtle,” Couchman said. “We should all be on our guard and verify the source of messages if we are unsure.”
He added it is highly recommend that students, staff and faculty use the Western email system to send messages to each other, as that method of communication is the most likely to be legitimate and the easiest method to determine authenticity.
“In some cases, the attack is quite tailored to a situation, an organization or an individual,” Couchman continued, noting if you’re unsure of an emails source or its authenticity, reach out to WTS at phishing@uwo.ca.
“One thing should be clear, these types of attacks will increase and will look to exploit emerging circumstances.”
