Cyber attackers are opportunistic, and like clockwork, during every major holiday (see: Black Friday), global crisis, or national or global event (see: US elections), bad actors prey on a new crop of potential victims. The COVID-19 pandemic is no exception to the rule, and despite a global recession, scams and phishing attacks are booming. The ZeroFox Alpha Team previously reported an increase of more than 60% in phishing, scam, and data leakage attacks in the first four months of 2020; and much like the coronavirus itself, virus-related scams, and the scammers behind them, won’t be disappearing soon. This piece outlines ZeroFox's scam findings and 3 fraud defense strategies security teams can take to combat persistent coronavirus scams.
ZeroFox identifies text and image-based scams, relying on a combination of AI-driven automated analysis, using tools like Optical Character Recognition (OCR) and Natural Language Processing (NLP), and validation by our SOC analyst team. In comparing scam activity between March and August of 2020 with the same time period last year, ZeroFox recorded a 519% increase in scam activity across our entire customer ecosystem. Scam types in all categories experienced growth, whether money muling, romance scams, HR, or crypto scams.
Categorizing coronavirus scams
‘Scam’ is a broad term, so let’s break down the different types of digital threats targeting consumers. By nature, a scam is any post, comment, or account targeting viewers with offers that appear too good to be true. Though the type of payoff varies, victims are often promised cash payments, jobs, product giveaways, and cryptocurrency.
Money flipping scams increased by 609%, more than any other category. These scams rely on money muling, with offers like, “Give me $50, and I’ll give you $500 back.” The reverse approach is used too, where victims are asked to launder $500, with the promise of receiving a cut of the funds.
HR scams are high on the list too, with a 295% year-over-year increase. The ZeroFox Alpha Team suggests that this may align with coronavirus scammers seeking to capitalize on unemployment increases, targeting furloughed or laid off workers, and at times even promoting work-from-home opportunities. ZeroFox also observed a 100% increase in social media profiles impersonating corporate HR representatives. The New York Times reported on the personal stories of victims of these HR and money muling scams as well.
Crypto Giveaway scams grew by 164% year-over-year increase as well. A recent example leveraged several high-profile account takeovers, tricking unsuspecting victims to give away their money (see: Cryptocurrency scam).
Coronavirus scams target vulnerable victims
As with other major incidents, ZeroFox research suggests that the majority of coronavirus scams target victims suffering from the economic impacts of the COVID-19 pandemic; HR scams are a prime example, and with global unemployment rates on the rise, workers without jobs are among the most vulnerable. Scams of this type urge victims to provide personal information and pay application fees, often leaving those who have little with even less.
Across industry categories, retailers are targeted the most. With stay-at-home mandates in place, shoppers are making purchases online for even the most basic of needs. Perhaps reflecting this trend, ZeroFox observed a 1,579% year-over-year growth in scams targeting the retail industry, and more specifically saw a 226% increase in scams targeting the consumer goods industry.
Financial services remain a lucrative target requiring fraud defense
Financial services remains a top target for coronavirus scams, with a 423% increase in threat activity compared to 2019. Common schemes target banking and financial consumers with giveaway, crypto, and credit card scams, exploiting the trust established between these institutions and their customers.
Combatting coronavirus scams at scale
As expected, remediation activities positively correlate with the increase in scam activity ZeroFox observed. On behalf of its customers, ZeroFox partners with social media networks, hosts, and digital platforms to flag digital scams for takedown and removal. Across all industries and scam types, ZeroFox observed a 94% year-over-year increase in takedown submissions and removal.
Fraud defense requires a multi-step approach
Given their sheer volume, scams and fraudulent activity are difficult for security teams to identify quickly and take down before impacting customers. Security teams looking to protect consumers proactively should:
Scams and fraudulent activity are inevitable making fraud defense critical
John F. Kennedy often repeated a claim that, “In the Chinese language, the word "crisis" is composed of two characters, one representing danger and the other, opportunity.” Though factually incorrect, the sentiment aptly applies to the COVID-19 crisis: an opportunity for scammers and danger for users online. While tactics and techniques by-and-large remain the same, the ZeroFox Alpha Team identified significant increases in scam activity targeting everyday users. In particular, this holds true for individuals suffering from the economic impact of the Coronavirus and businesses rapidly shifting to digital-first services and transactions.