As the world continues to battle with the deadly coronavirus pandemic, immoral cybercriminals are once again on the prowl. This time, they are using the chaos and fear through phishing techniques and sophisticated malware hacks to access people’s crypto holdings.
On March 27, residents in the United Kingdom received warnings from their local councils “to be on their guard against a series of scams attempting to take advantage of the coronavirus outbreak.” Scammers have been using other tricks to lure victims, including the use of false Bitcoin (BTC) donation channels, fake maps of the coronavirus’s spread that steal private data from computers and that install ransomware programs that can only be unlocked with Bitcoin.
Fortunately, regulators such as the United States Securities and Exchange Commission and various American states, in addition to local councils in the U.K., as well as the European Central Bank, have all issued warnings of investment scams.
False claims for Bitcoin
Some of the common schemes include scammers claiming to possess lists of people who have tested positive for COVID-19 in a given area that they will sell to local residents in exchange for Bitcoin. According to research, this is done via phishing emails and texts that falsely claim to be from organizations such as the World Health Organization.
With email subjects such as “HIGH-RISK: NEW confirmed cases in your city,” the scammers trick unsuspecting users into opening the emails. The hackers then use malicious links in the email that, when clicked, steal users’ private data.
Scammers claiming to sell protective gear
As shoppers have been stocking up on essentials to prepare for a long quarantine, scammers have been busy for months on e-commerce sites like Amazon, selling counterfeit hand sanitizer and face masks. They charge high prices for items in demand, accept crypto payments and then never deliver the items to the customers.
The scammers have achieved this by luring customers away from trusted sites in order to take payments addressed to phony shipping labels. Finally, the scammers then liquidate the crypto funds using several different exchanges.
Hospitals have not been spared amid these widespread cyberattacks. Reports show that ransomware attacks have been prevalent in hospitals, as they are seen as soft targets. Due to the vital nature of hospital work, victims of cyberattacks who have critical IT systems encrypted by hackers are more willing to pay up whenever such criminals demand Bitcoin to regain access to needed equipment.
Cybersecurity experts have started forming groups such as the COVID-19 CTI League in order to combat ransomware attacks on hospital IT systems during the current coronavirus crisis.
Ransomware
A team of cybersecurity experts called Malware Hunters working together with Kaspersky security analysts have uncovered a new ransomware threat called CoronaVirus. The malware was discovered on a malicious website that claimed to provide downloads of WiseCleaner, a system-optimizing application.
Upon downloading the application, a malicious file activates the CoronaVirus ransomware, thereby encrypting the user’s computer. The hackers would then demand payment in Bitcoin to give back the user’s access to the computer.
Other scams
Other fraudulent tricks used by scammers include the use of coronavirus maps that infect users’ computers with malware. They inject code onto computers that gleans passwords and credit card numbers, as well as other important information stored in web browsers.
Other fraudsters have used articles that prompt users to subscribe to daily newsletters covering the pandemic only to expose their data to cybercriminals. To further take advantage of the global economic downturn, some have created investment and trading schemes that claim to give people an advantage in the market.
Why are scammers using crypto?
While commenting on why hackers and cybercriminals are increasingly facilitating their attacks using crypto, Alex Wilson, a co-founder of The Giving Block — an organization that equips nonprofit organizations to accept crypto donations — told Cointelegraph that Bitcoin is not the only way to extort money, adding:
“The more adoption Bitcoin gets, the more often bad people will also use it as more normal people begin to use it (proportionally). Criminals come to where honest people have their money, not vice versa. In general, illicit activity is much more prevalent in the traditional markets than in the crypto industry by a 10:1 ratio.”
Andrew Adcock, the CEO of crowdfunding platform Crowd for Angels, told Cointelegraph that the reason for the increased use of crypto in cyberattacks is because “the mechanics of Bitcoin ensure that no third party can trigger a ‘refund’ of a transaction.” This means that if a customer sends crypto to a hacker, they most likely won’t get it back.
Tips to avoid scams
In order to avoid falling victim to these scams, Wilson suggests users follow due diligence before submitting funds for any donation. He also warns that most professional nonprofit organizations looking for donations will never ask for a donation directly. Therefore, users should look out for wallet addresses posted on social media as a red flag. He also added:
“Only donate to registered charities to make sure your money is really being used the way you think it is. You can use sites like Guidestar.org or CharityNavigator.org to look up ratings of charities.”
Adcock also recommends users take several precautionary steps to avoid scams. Users should ask themselves a couple of questions before proceeding: Is the origin of the message unknown, and has the email come from a generic address and not from a company? If unsure where the link will lead, do not click on it. Hovering over the link should show the destination. Adcock concluded: “Remember that age-old saying: ‘If it sounds too good to be true, it probably is.’”
Few scams have worked out
The good news is that despite the rise in the number of coronavirus- and crypto-related scams, a number of governing bodies around the world have moved quickly to issue warnings against them. For businesses, however, Adcock advises that:
“There is a fine balance that needs to be found so that genuine companies are not penalized whilst spammers are combated.”