Woman's Home Raided After Lie of Neighbor's Death
Nigerian Prince Scams in the Age of COVID-19The rise of coronavirus-themed ploys has not diminished the prevalence of Nigerian Prince scammers. Indeed, PhishLabs discovered one example in which digital fraudsters impersonated the U.S. Department of Treasury. Those responsible for this email claimed that the United Nations and the U.S. President had instructed them to "release all unclaimed ATM card to the beneficiary to curtail the recession because of the outbreak of the Corona Virus." All they needed was a one-time $50 fee.
LokiBot Infostealer Hidden in Fake WHO Guidance DocMany digital attackers are understandably eager to impersonate the WHO as a means of disseminating their ruses. In one example observed by Fortinet, for instance, malicious actors spoofed the WHO to advertise the creation of a document that allegedly contained instructions on how residents could protect themselves against COVID-19. All they needed to do was open an attachment with the name “COVID_19- WORLD HEALTH ORGANIZATION CDC_DOC.zip.arj.”
Evasive Phishing Campaign Leveraged Coronavirus-Themed Work Files to Steal CredentialsNot all coronavirus-themed email scams are rudimentary in design and execution. Menlo Security spotted one campaign that used multiple attack techniques to target 100 companies located in Asia and the United States. The operation began with a personalized email that appeared to come from the organization's CEO. Malicious actors made this email convincing by researching the target organization beforehand and by copying design elements like the footer and layout from legitimate pieces of correspondence. In an effort to bypass organizations' mail filters, these attack emails delivered PDF documents containing shortened links that invited recipients to read about their employer's "COVID-19 employee benefits."
Blood from COVID-19 Patient Sold on Dark Web?In a truly bizarre scam shared by McAfee, a fraudster who claims to have been infected with COVID-19 offered to sell their blood and saliva for $1,000 on a dark web forum. They claimed that they were doing this to "provide for [their] family financially." You can see the original ad in a Twitter post embedded below: https://twitter.com/ChristiaanBeek/status/1244560044273868803?s=20 Whoever created this advertisement more than likely wanted to scam someone on the dark web forum out of $1,000. Then again, there's no way to prove whether this was a scam or a legitimate offer.
Man Arrested for €6 Million PPE ScamAnd now for some good news! Europol announced the arrest of a 39-year-old man who had masqueraded as a legitimate company and promised to deliver personal protective equipment (PPE) such as FFP2 surgical masks and hand sanitizers. Through these efforts, the individual defrauded a French pharmaceutical company out of €6.64 million. The company had delivered this sum to a bank account based in Singapore, yet the "provider" never responded, and no supplies ever arrived. After hearing of this theft, Europol reached out to its counterparts in Singapore. Local law enforcement authorities responded by blocking part of the payment that had been made in the scam. They also identified the man responsible for the ruse and arrested him shortly thereafter. Have you seen a coronavirus-themed scam? If so, let us know by reaching out on Twitter.
Check out our other COVID-19 scam roundups below!
- COVID-19 Scam Roundup – May 11, 2020
- COVID-19 Scam Roundup – May 4, 2020
- COVID-19 Scam Roundup – April 27, 2020
- COVID-19 Scam Roundup – April 20, 2020
- COVID-19 Scam Roundup – April 14, 2020
- COVID-19 Scam Roundup – April 6, 2020
- COVID-19 Scam Roundup – March 30, 2020
- COVID-19 Scam Roundup – Week of 3/16/20