COVID-19, informally named the “Coronavirus”, is a phenomenon dominating news cycles worldwide. COVID-19, now a global pandemic, is an infectious disease that is closely related to SARS. With its ability to spread much like the flu, lack of scalable containment procedures in certain countries, and its effect on the US and global stock markets, everyone’s virtual and work-from-home (WFH) news traffic across the world is focused on COVID-19. Whenever there is news coverage of this magnitude, cybercriminals will take advantage of the heightened interest to defraud and mislead victims around the globe. The unprecedented ability to spread information quickly in modern times, via social and digital channels, also enables the rapid spread of misinformation.
ZeroFox Alpha Team has been working diligently with customers, partners and the broader security research community to identify and remediate abuse from attackers that are using COVID-19 as a pretext to target their victims. This blog post outlines Alpha Team’s findings using our public attack surface protection platform.
Misinformation Is Being Spread Through Illegitimate Domains
As coronavirus spread globally, Alpha Team observed a flurry of newly registered websites with names containing keywords related to healthcare or to coronavirus specifically. Many of these sites use sensationalist language to drive traffic rather than to deliver accurate information. They read like newsstand tabloid headlines. One of these sites, shown below, hosts many polarizing articles with little to no factual information and nothing to validate their claims.
The content of misleading articles ranges from recipes for traditional Chinese medicine concoctions claiming to prevent or remediate COVID-19 infections, to conspiracy theories about government health agencies.
Given the fear and anxiety surrounding disease outbreaks such as the coronavirus, particularly in the early stages, readers who come across these articles may be less inclined to fact check the content. This could lead people to take action potentially harmful to their health or to disregard government orders intended to protect the public. In times of crisis, it is especially important to mitigate these kinds of misinformation campaigns so that the public remains appropriately informed. Depending on virality and severity, mitigation may entail removal of fraudulent sites, malicious links, or profiles/pages/accounts sharing and posting misinformation across digital platforms.
Pages, Groups, and Ads on Social Media Are Hot Spots for Misinformation and Scams
In addition to websites that are stood up to propagate misinformation, social media platforms are also being leveraged. In an effort to mitigate this, many social media platforms have added banners regarding the reliability of sources to help steer users toward the proper authorities.
Despite these warnings, cybercriminals are still finding ways to stand up fake domains and leverage social media platform functionality to scam and defraud users. Facebook is currently directing users to legitimate pages regarding coronavirus, but Facebook groups are another story.
The topics of these groups vary widely. Some are intended to function as support groups, with users discussing the situation and where supplies can be found. In some, however, news articles and sales ads of dubious origin proliferate. Often, these groups direct users to nefarious sites external to Facebook. One such group, shown below, advertises non-chemical “protection,” linking users to a mold remediation product.
The posts in this Facebook group redirect to a coronavirus-themed site making extravagant claims about the capacity of their anti-mold cleaner. A deeper look at this company shows it is highly likely to be a scam – the physical address listed is fake, and the company does not appear to exist anywhere in the real world. This site is just one of the many scams now targeting COVID-19 traffic on social media platforms.
After a flurry of negative press for people who chose to hoard and resell necessary supplies, like toilet paper, N95 masks, hand sanitizer, and antibacterial cleaners, Facebook Marketplace has cracked down on the ads for these essential goods. Amazon has taken a similar approach, removing listings where the price has been inflated much higher than normal because of COVID-19. Although social platforms and marketplaces have taken significant action regarding the takedown of these offerings, fraud still abounds as scammers get creative to avoid removal.
One “creative scammer” example the Alpha Team found was related to N95 masks, which are in short supply in most of the world due to their high demand in hospitals. Despite this, there are hundreds of groups offering them for sale. The for-sale posts in these groups bypass Facebook Marketplace restrictions on price gouging of basic necessities because groups are not subject to the same level of screening as products in the Marketplace.
The authenticity of these ads cannot be confirmed, so buyers are even more likely to be scammed. Additionally, the masks pictured in many of these groups are not actually the N95 kind needed for protection against the virus. As buyers are pushed to secondary markets because of the shortage in legitimate retail outlets, they are more likely to encounter fraudulent ads and fall victim to scams.
Recommendations & Conclusion
The internet can be a valuable resource for information; however, misinformation can be just as abundant as legitimate sources. This is particularly true in times of confusion, when traffic around a particular topic is so high around the world that information from illegitimate sources can more easily gain traction. It is important for those who seek information on any subject on the internet, especially something as sensitive as COVID-19, to be discerning when it comes to misinformation and to practice good cyber hygiene. Look for references, primary sources, press releases, and cross-references. Some legitimate sources to keep top of mind:
- World Health Organization (WHO), https://www.who.int/emergencies/diseases/novel-coronavirus-2019
- Center for Disease Control (CDC), https://www.cdc.gov/coronavirus/2019-ncov/index.html
- Johns Hopkins Coronavirus Resource Center, https://coronavirus.jhu.edu/
Now, more than ever, as we further shift to remote work and embrace digital exchange, organizations must also accelerate corresponding security protections — to discourage bad actors who are prepared to take full advantage of these uncertain times. Protecting your public attack surface, by providing comprehensive and continuous visibility into all digital threats, and remediating as soon as they arise, is key to operating safely in our new ‘digital’ world.