Text Size

Stop the spread

Stop the spread

It used to be that the two certainties of life were death and taxes.  In these pandemic times add a third.  Hackers.  Those using their selfish guile to prey upon others, particularly during the current COVID-19 calamity, for their own personal gain.  The last thing the world needs is another global virus pandemic. 

The trick is for you to burst their bubble before they burst yours. 

Several cybersecurity firms are reporting an uptake in attacks against a range of targets, all using the ongoing COVID-19 pandemic as a hook to hoodwink their victims into running malware viruses.

There is cybersecurity data from Italy that shows that cybercrime has more than trebled (compared with monthly averages for the previous year) since the full impact of the virus has hit. This shows that cybercriminals are aggressively capitalising on the state of chaos as the Coronavirus pandemic overwhelms the country’s health system and kills thousands of people. This pattern is being replicated throughout the world. 

The point of vulnerability is this:  At a time when people are rallying together to generously care and share with others, the cybercriminals’ actions are even more insidious. 

Climate of fear

Essentially, they take advantage of the climate of fear, uncertainty and doubt to try to scam and defraud vulnerable people or those who have let their guards down. Being mindful of this tendency for scammers to exploit a crisis for profit, as well as watching out for their common techniques, can help to keep you safe online during this difficult time.

Here is the state of play in New Zealand. Cybercriminals (both in New Zealand and overseas based) are exploiting the confusion created by the crisis on all aspects of life , particularly the economy. 

They are targeting the Government’s Covid-19 wage relief announcement by masquerading as representatives of the Ministry of Social Development to scam unsuspecting claimants. Other common scams to watch out for are people selling fake Coronavirus cures.  Or scammers contacting people via email, phone and/or SMS to say they have tested positive to Coronavirus and then demanding credit card details to allow for treatment.   

As always, the main method of attack will be phishing, where criminals send emails pretending to represent a relevant authority, so they can exploit your trust in that authority to trick you. Be on the lookout for emails about Coronavirus that claim to be from official sources, potentially claiming to offer you financial assistance or requiring you to provide personal information.

Catching a Phisherman 

Always remember that email is an insecure technology.  Making it relatively easy for cybercriminals to use hacking tricks to make it look like they are someone they are not. Some phishing emails will have obvious errors, like spelling and grammar mistakes. Others may seem entirely realistic, but the sender’s address may not match the organisation the email claims to represent. The most convincing phishing emails are almost indistinguishable from legitimate emails, including the sender’s address. If you are uncertain for any reason, make direct contact through a telephone call to the organisation’s official telephone number to confirm the legitimacy of an email.

Unsafe in quarantine

Some people coming back into New Zealand from abroad have been asked to go into quarantine facilities because they have no self-isolation plan or are displaying Coronavirus symptoms. If you find yourself in this kind of facility, avoid the urge to use any free Wi-Fi available in the hotel you are being quarantined in. Many people don’t realise that public Wi-Fi is insecure and that it is possible for hackers with the right equipment to intercept and tamper with their data. In this case use mobile data for any sensitive Internet tasks to be more secure in an untrusted environment where you don’t control the Wi-Fi.



Money mules to spread the scandal

It might appear that online scammers are intent on money theft, but they will unashamedly use a crisis to dupe the unsuspecting into helping them launder money. It is common for gangs of hackers to take over computers in victims’ businesses and intercept all their customers’ payments. These gangs then look for ‘money mules’ to ‘clean’ this stolen money so it is harder to trace by banks and law enforcement.

To trick you into becoming a money mule, the gangs may pretend to be from an authority like the Ministry of Social Development, offering to deposit money to help support you financially during the crisis. After they put the money in your account, they will then tell you a fictitious reason why the money now must be moved. 

The money mule’s job is primarily to ‘facilitate’ the transfer of money to another bank account.  There are cases where the victim will be tricked into withdrawing cash and, to add insult to injury, physically delivering it to one of the gang’s contacts. One of the most common approaches is to convince the victim to purchase gift cards with the money (more on this below).

Tragically many innocent people have got themselves caught up in money mule scams and inadvertently become accessories to organised crime. They often don’t know they have been committing crimes until they are picked up by law enforcement. In some cases, money mules have found themselves arrested and placed in prison for assisting with money laundering.  At this time, it is all the more essential to watch out for the warning signs.

Add common sense to your arsenal  

Ask yourself the question:  Would the Ministry of Social Development really ask you to buy? Cybercriminals need help to launder their stolen profits, so they target random people and trick them into becoming money mules using gift card scams as a preferred modus operandi.  Mainly because they are hard to trace and difficult to recall once issued as compared to bank transfers or even Bitcoin payments.   

If you ever find yourself on the phone to a person claiming to be from a New Zealand government agency and telling you to buy gift cards to pay off a debt, you are almost certainly talking to a scammer. While many otherwise intelligent people get caught out by this scam, no government agency would ever ask you to do this. Remember: gift cards are for gifts, not official payments.

Reporting cybercrime

If you believe you have been the victim cybercrime, the first step is always to contact your bank so you can verify your suspicions, try to prevent further losses to yourself, and help to protect other customers. After discussing it with your bank, you can use the NZ Police’s 105 number for non-emergency situations or call 111 for emergencies. You can also report online scams to Netsafe on 0508 NETSAFE (0508 638 723).