
US Consumers lose over $13M in COVID-19 scams

Avast Security News Team, 17 April 2020

Plus, social media platforms crack down on coronavirus misinformation and AI predicts where the virus will spike next

The U.S. Federal Trade Commission (FTC) reported that from January 1 through April 15, U.S. consumers registered 18,257 complaints related to the coronavirus, over 10,000 of which were reports of fraud. According to the FTC, 46% of the fraud victims reported a consequential financial loss, totaling $13.44 million cumulatively. The median fraud loss per person was $557. “While some reports claim there has not been an increase in computer attacks during this period,” commented Avast Security Evangelist Luis Corrons, “it is true that a good portion of the attacks happening now have shifted towards COVID-19 related topics, as people are interested in all the information they can learn about the pandemic.”

With more than 600,000 confirmed cases, the U.S. now has the largest number of coronavirus infections in the world. Cybercriminals are taking advantage of a worried and desperate population by launching a multitude of scams, preying on every angle of the situation. “As usual, most attacks use social engineering techniques,” stated Corrons. “And having so many people looking for information about the same topic is an opportunity cybercriminals don't want to miss.” About half of the reported scams involve schemes based around vacation and travel. Second to those are online shopping scams, followed by text message-based fraud and bad actors impersonating businesses or the government. California residents registered the most complaints with 2,172, while Florida had the second most with 1,302.

The FTC has put out advice to consumers on how they can avoid coronavirus scams, reminding them that the Food and Drug Administration (FDA) has stated there are not yet any approved vaccines or drugs available to treat or prevent the virus. The FTC and FDA jointly issued warning letters to merchants who falsely claim their products – including teas, essential oils, and colloidal silver – can keep the coronavirus at bay.

Social media platforms crack down on COVID-19 misinformation

Facebook, Twitter, and YouTube are among the platforms that are taking unprecedented action to use algorithms, new rules, and factual warnings to discount the harmful coronavirus conspiracy theories and unproven remedies that have been populating their services. Because COVID-19 misinformation could lead to death, the platforms have removed certain posts from President Trump’s personal attorney Rudy Giuliani and Fox News personality Laura Ingraham, where they tout the unproven drug hydroxychloroquine as a cure-all. The social media sites have also begun coupling facts from news outlets, fact checkers, and health officials with any coronavirus-related posts. More at Associated Press.

This week’s stat

18 million in 1 week!

The number of coronavirus-themed phishing emails Gmail says its malware scanners have blocked over the last week.

Russian hackers target SF airport 

Researchers have traced the hack of two San Francisco International Airport (SFO) websites to Russian state hacking group Energetic Bear, AKA DragonFly. The group compromised both SFOConnect.com, used by airport employees, and SFOConstruction.com, used by airport construction contractors. The airport circulated an alert of the data breach last week, stating that attackers had stolen users’ login credentials to the websites. But investigating researchers discovered the goal was not credentials to the websites themselves, but the Windows login credentials of anyone visiting those sites, ZDNet reported. Because the sites are accessed by airport employees, the hackers could use the employees’ credentials to infiltrate the airport’s internal network laterally, conducting reconnaissance and data theft. SFO has removed the data-stealing malware from their sites and has required password resets by all employees.

Over 500,000 Zoom accounts for sale on dark web

Hackers are selling Zoom accounts for less than a penny each on underground forums and the dark web, reported Bleeping Computer. Researchers found that the hackers tried login credentials exposed in earlier breaches against Zoom accounts, a technique known as credential stuffing, and aggregated those that worked. The bad actors then put bundles of these accounts up for sale at a very cheap price in illicit marketplaces. Buyers of the accounts can use them for Zoom-bombing and other malicious activities. To prevent this type of hijacking, all users are advised to use different login credentials for each of their accounts.

This week’s quote

"You've got a steady internet connection and a motor that can put out a lot of power sitting underneath a sleeping baby. So, yeah, of course I got curious." 

-Security firm CEO Ang Cui, commenting on the internet-connected Snoo Smart Bassinet before her company investigated its now-patched vulnerabilities

Credit card skimming on certain WordPress sites

The WooCommerce plugin is a free service WordPress users can add to turn their sites into e-commerce markets, but researchers have discovered that the plugin has been compromised with card-skimming malware. The malware steals payment data from every transaction and stores it as an image file in a WordPress directory. That image file then auto-deletes once the attackers have accessed it. WordPress sites have suffered payment hacks before, but none as sophisticated as this scheme, which alters legitimate JavaScript files within the WooCommerce program to achieve its goal. 

AI predicts where coronavirus cases will spike

Through the analysis of social media posts, an AI system created by New York tech company Dataminr is able to successfully predict locations where the virus will spike. The Next Web reported that the AI forecasted outbreaks in London, Hertfordshire, Essex, and Kent 1-2 weeks before the virus spiked in those regions. In the US, the system correctly predicted spikes in 14 states about 7 days before they were hit. Instead of processing data from social media chatter or keyword searches, the AI focuses on unique posts from individuals who claim they have tested positive or been exposed to the virus, as well as those who share first-hand accounts of confirmed cases. This algorithm minimizes gossip and misleading COVID-19 mentions. TNW reported that the AI has most recently spotted pre-outbreak patterns in 6 more regions throughout the UK. 

This week’s ‘must-read’ on The Avast Blog

Interested in doing good while practicing social distancing? Join the Folding@home project and donate your extra computing power to help run complex mathematical simulations to find a cure for coronavirus and other medical problems.
