The coronavirus pandemic has created a perfect storm for scammers seeking to defraud panicked, isolated and emotionally vulnerable targets, experts say.
“I think we are in for a wild ride,” said Frank McKenna, an anti-fraud expert who has studied organized fraud networks in Canada and the United States. “We have this unprecedented global fear and panic. I’ve never seen an environment quite as ripe for fraud as now.”
The COVID-19 pandemic has caused a dramatic rise in unemployment and financial stress, which is an optimal market disruption for scammers to exploit, according to McKenna. Meanwhile, most of the world has been put into physical isolation — creating a divide-and-conquer environment that predators thrive in.
McKenna said in his studies, fraudsters in Canada work in well-organized rings that share information about successful scams. And it’s believed these networks are swinging into overdrive because of an increased supply of victims who are separated from normal social networks, which tend to offer support and advice.
And yet the world is extremely interconnected online, and a great deal of fraud now takes place in cyberspace, meaning fraudsters have a captive and receptive audience.
“People are inundated,” McKenna said. “They are on the internet looking for answers and they don’t know what’s real.”
This target-rich environment is compounded because the world is awash in promises of stimulus spending and financial assistance, McKenna said. Meanwhile, government agencies are issuing alerts regarding COVID-19 circumstances.
This allows cyber-criminals numerous opportunities to craft fake government websites and messages, McKenna said, and exploit prevalent fears and needs.
The present threat was underlined Thursday afternoon with a tweet from Canada’s finance minister Bill Morneau.
“#ScamAlert: The Government is NOT sending text messages regarding the new Canada Emergency Response Benefit. If you have received a text message regarding the benefit, do not click the link,” Morneau tweeted.
And Finance Canada followed up, with advice: “If you get a text message saying you received a deposit for the Canada Emergency Response Benefit. Beware it is a scam! Do not reply or click on the link, delete the text and warn others.”
Scammers will seek social insurance or banking information in such cases, McKenna said. And they try to trick victims to transfer upfront payments by claiming a small fee is needed to process a COVID-19 benefit cheque.
McKenna said seniors especially will be vulnerable to such phishing attempts. His advice is that before clicking on a link, readers should make efforts to “triangulate the information” — meaning, complete independent web searches to judge whether the information is coming from a verified source.
For example, McKenna said, scammers are sending out email messages or posting links claiming to be from the World Health Organization, the U.S. Centers for Disease Control or the Canada Revenue Agency. Instead of trusting these sources and links, internet users should go to the official government website first, and complete a search within that domain to see if the relevant notification or information actually exists.
John Mecher, a retired RCMP anti-fraud and financial crime specialist who is an expert on mass market scams, said it’s no surprise that well-organized fraudsters are rolling out familiar scams with tested techniques in a time of crisis.
“It’s nothing new that the fraudsters are exploiting this pandemic — they are the only group in the whole world that loves disasters,” Mecher said. “With the COVID pandemic, a lot of folks are overwhelmed, which is causing even more people to become susceptible.”
According to McKenna, the best advice for people who suspect they may be engaged with a fraudster using pressure or exploiting fear is to just walk away, put down the phone or turn off the computer, whether the interaction is in person or online.
Meanwhile, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security are continuing to take down large numbers of malicious websites, including sites that have spoofed the Public Health Agency of Canada, Canada Revenue Agency and Canada Border Services Agency, spokesman Evan Koronewski said.
Most of the cybercriminals are using these fake sites for “advance fee fraud” scams and information phishing attacks, he said.
“Over the March 20-23 timeframe, our continued efforts contributed to the takedown of over a hundred fraudulent sites or email addresses designed specifically for malicious cyber activity,” Koronewski said. “We are working with our industry partner to automatically start taking down cyber actors phishing using COVID-19 themes before they can take advantage of Canadians.”
The CSE has published a webpage — Staying Cyber Healthy During COVID-19 — that advises users on how to spot phishing and malicious messages.