Emails masquerading as government announcements
Scammers impersonating the Ministry of Health via phone calls and phishing emails have come out in force. Globally too, fraudulent emails have included logos and other imagery associated with the Centers for Disease Control (CDC) and the World Health Organisation (WHO). Emails include links to items of interest, such as "updated cases of the coronavirus near you." Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.
Operational Disruption of Home-Based Learning (HBL)
The spread of COVID-19 is disrupting temporary operations in some industries. In Singapore, a home-based learning tool was hacked due to encryption vulnerability. The hackers breached the e-learning modules to post inappropriate imagery. Singapore’s Ministry of Education of Singapore temporarily banned the tool for further investigations and security measures.
We have seen a rise in malicious emails directing recipients to educational and health-related websites riddled with malware. Recently, users have been enticed to click on maps providing updates on local COVID-19 cases, loaded from legitimate sources but running malware in the background. In Singapore, scammers have taken advantage of the remote work situations to typically impersonate staff from telecom providers, persuading victims to install software applications that will resolve Internet issues. These cyber-attackers claim to be from "Cyber Crime Department of Singapore" or "Cyber Police of Singapore" - agencies that do not exist, directing them to install applications to help with investigations. Once installed, scammers then ask them to login to their online bank accounts and money is then transferred out of their accounts without the knowledge of the victims.
False advice and cures
Emails purporting to hail from regional medical providers, were among the first COVID-19 related phishing attacks. Some phishing emails invite recipients to download attachments containing “secret cures” for the virus. The attachments instead contain malware designed to steal the personal and financial information of the victim.
Fraud that go beyond business email compromise
During crises and economic downturns, many other types of frauds increase, and they can be harder to detect and may require adjustment to controls to mitigate the risk. For example, customer account security controls, such as risk scoring models, will need to be recalibrated to discern fraudulent transactions from legitimate transactions. Fraudsters may target different products than they did prior to the crisis, as customers may change behaviors and preferences amid the crisis and the economic downturn.