Tuesday, March 31, 2020

Beware fraud and scams during Covid-19 pandemic



Criminals are using the Covid-19 pandemic to scam the public – don’t become a victim.

Law enforcement, government and private sector partners are working together to encourage members of the public to be more vigilant against fraud, particularly about sharing their financial and personal information, as criminals seek to capitalise on the Covid-19 pandemic.

Criminals are experts at impersonating people, organisations and the police.

They spend hours researching you for their scams, hoping you’ll let your guard down for just a moment.

Stop: Taking a moment to stop and think before parting with your money or information could keep you safe.

Challenge: Could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.

Protect: Contact your bank immediately if you think you’ve fallen for a scam and report it to Action Fraud*.

Your bank or the police will NEVER ask you to transfer money or move it to a safe account.

Criminals are targeting people looking to buy medical supplies online, sending emails offering fake medical support and scamming people who may be vulnerable or increasingly isolated at home. These frauds try to lure you in with offers that look too good to be true, such as high return investments and ‘healthcare opportunities’, or make appeals for you to support bogus charities or those who are ill.

Reports from the public have already included online shopping scams where people have ordered protective face masks, hand sanitiser, and other products which have never arrived, and a number of cases have been identified where fake testing kits have been offered for sale.

Criminals are also using Government branding to try to trick people, including reports of using HMRC branding to make spurious offers of financial support through unsolicited emails, phone calls and text messages.

This situation is likely to continue, with criminals looking to exploit further consequences of the pandemic, such as exploiting financial concerns to ask for upfront fees for bogus loans, offering high-return investment scams, or targeting pensions.

Huge increases in the number of people working remotely mean that significantly more people will be vulnerable to computer service fraud where criminals will try and convince you to provide access to your computer or divulge your logon details and passwords. It is also anticipated that there will be a surge in phishing scams or calls claiming to be from government departments offering grants, tax rebates, or compensation.

Please see below for more information on the most common COVID-19 frauds and the steps you can take to keep yourself safe.

Online Shopping and Auction Fraud

More people may fall victim to #onlineshopping fraud as they self-isolate due to #COVID19. You are a victim of online shopping fraud if you buy goods from an online seller that never arrive.

Computer Software Service Fraud

As more people work from home due to #COVID19, fraudsters may capitalise on slow networks and IT problems to commit computer software service fraud. Be wary of cold calls or unsolicited emails offering you help with your device or to fix a problem.

Lender Loan Fraud

People may be worrying about their finances during the #COVID19 outbreak. Lender loan fraudsters will use the opportunity to:

- approve your application for a fast loan regardless of your credit history

- ask you to pay an upfront fee

- take your payment and never provide the loan

Pension Liberation Fraud and Investment Fraud

Fraudsters could try to take advantage of the financial uncertainty surrounding #COVID19 by offering people sham investment opportunities. If you get a cold call or unsolicited email offering you a deal that sounds too good to be true, it probably is.

Mandate Fraud

As more people work from home due to #COVID19, fraudsters may try to get you to change a direct debit, standing order or bank transfer mandate, to divert funds to their bank account, by purporting to be an organisation you make regular payments to.

Phishing

A number of #COVID19 related phishing emails have been reported to Action Fraud. These emails attempt to trick you into opening malicious attachments which could lead to fraudsters stealing your personal information, logins, passwords, or banking details.

Update 26/03: The Government has only sent one text message to the public regarding new rules about staying at home to prevent the spread of COVID-19. Any others claiming to be from UK Government are false.

“Criminals are able to use spoofing technology to send texts and emails impersonating organisations that you know and trust. We would remind anyone who receives an unexpected text or email asking for personal or financial details not to click on the links or attachments, and don’t respond to any messages that ask for your personal or financial details.”

Scam text 'issues fine' to people leaving house

A scam text has been sent telling people they are being given a £250 fine because they have been out of the house "more than once".

The message claims to have been sent by GOV.UK and claims the fine is due to "irresponsible behaviour".

It goes on to say the charge could increase to £5,000 and/or arrest and payment will be taken automatically.

West Mercia Police advised anyone who received the text to report it to Action Fraud UK.

Windows 10 remote work bug: Microsoft races out this emergency fix

Windows 10 users can manually install the new patch to fix internet connectivity problems.

By Liam Tung | March 31, 2020


Microsoft has released an emergency update to fix a Windows 10 bug that has been causing internet connectivity issues for users and preventing some Office 365 setups from reaching the cloud.

On Thursday the company confirmed the internet connectivity bug, which affected PCs and servers running all supported versions of Windows 10 that are using a proxy, especially with a virtual private network (VPN).

The bug couldn't have come at a worse time as employees work remotely en masse under government-sanctioned lockdowns or to practice social distancing amid the coronavirus COVID-19 pandemic.

The outbreak has led to a boom in the use of VPNs over the past three weeks, with internet-device search engine Shodan reporting this week that VPN use is up 33% while Remote Desktop Protocol (RDP) use is up 41% over the period.

Microsoft appears to have considered the bug extremely serious, last week estimating it should have a patch available in early April. But it has beaten that target, with an update now available to manually install from the Microsoft Update Catalog.

The patch is not being released to all users automatically via Windows Update, and Microsoft recommends that only users affected by the problem should install the fix.


"An out-of-band optional update is now available on the Microsoft Update Catalog to address a known issue whereby devices using a proxy, especially those using a virtual private network (VPN), might show limited or no internet connection status," Microsoft said on the Windows message center.

"We recommend you only install this optional update if you are affected by this issue."

There are updates available for Windows 10 version 1909 back through to version 1709.

The bug had the potential to be a serious drain on productivity for remote workers, depending on how company applications had been configured.

Microsoft had warned that devices with the connectivity issue might also have problems reaching the internet using applications that use WinHTTP or WinInet. Affected applications included Microsoft Teams, Microsoft Office, Office 365, Outlook, Internet Explorer 11, and some versions of Microsoft Edge.

The bug affected Windows 10 devices with updates installed from February 27 onwards.

Distributed disruption: Coronavirus multiplies the risk of severe cyberattacks


 Marc Wilczek, COO, Link11
March 31, 2020

The coronavirus pandemic is upending everything we know. As the tally of infected people grows by the hour, global healthcare, economic, political, and social systems are bending and breaking under the strain, and for much of the world there’s no end in sight. But amid this massive wave of disruption, one thing hasn’t changed: the eagerness of cybercriminals to capitalize on society’s misfortune and uncertainty to sabotage, cripple, mislead and steal.



New states of emergency are being declared every day as the virus keeps spreading. Confirmed cases have meanwhile been reported in more than 150 countries on six different continents. Nations and organizations everywhere are working around the clock to flatten the COVID-19 curve by imposing remote work policies, travel bans, and self-isolation.

In an unprecedented time like this, the reliance on the Internet is growing exponentially, turning the data highway into an even more indispensable channel for communication, information sharing, commerce, and everyday social interaction.

The Internet lifeline

To prevent their phone lines from being overwhelmed with information requests, governments around the globe are making digital the default communication stream and directing citizens to the official websites of their health ministries or public health agencies for COVID-19 updates. People are hitting Facebook and other social media like never before to keep up with and share the latest news. Telecom giant Vodafone has reported a 50% surge in European internet use, and Netflix has been requested to cut its bitrate in Europe for 30 days in order to prevent the Internet from collapsing.

In this context, a cyberattack that denies organizations or families access to their devices or data could be catastrophic. In a worst-case scenario, one or more cyberattacks could cause broad-based infrastructure shutdowns that take whole communities or cities offline and further hinder already overburdened healthcare providers, transportation systems and networks.

Germany, Italy and Spain are among the many countries and jurisdictions (like New York and California) that have implemented draconian measures to limit the spread of the COVID-19 virus. Non-essential businesses have been made to close, and people to stay at home. Consequently, citizens are relying heavily on delivery services, which continue to operate. However, in Germany, cybercriminals recently unleashed a DDoS attack on one of the largest home delivery platforms, which affected customers and owners of more than 15,000 restaurants across the country. The criminals asked for two bitcoins (worth roughly $11,000) to stop the siege.

A few days earlier, the U.S. Department of Health and Human Services (HHS) suffered a DDoS attack, assumed to have been launched by a hostile foreign actor, aimed at slowing down the agency’s services amid the government’s rollout of a response to coronavirus. The incident allegedly tried to overload HHS servers with millions of hits in just hours. The attack in the US occurred just two weeks after Australia’s federal cyber agency warned that Australian banks were in the crosshairs of extensive DDoS extortion campaigns.

In particular, digitally advanced industries with a heavy dependence on internet connectivity are more vulnerable than ever. Europol’s “Internet Organised Crime Threat Assessment 2019” report notes that – besides the public sector and financial institutions – travel agents, Internet infrastructure, e-commerce, and online gaming services were lucrative targets for DDoS extortionists.

The perils of DDoS attacks on VPN servers

When it comes to remote work, VPN servers turn into bottlenecks. Keeping them secure and available is a number-one IT priority. Hackers can launch DDoS campaigns on VPN services and deplete their resources, knocking out the VPN server and limiting its availability. The implications are clear: Since the VPN server is the gateway to a company’s internal network, an outage can keep all employees working remotely from doing their job, effectively cutting off the entire organization from the outside world.

During an unprecedented time of peak traffic, the risk of a DDoS attack is growing exponentially. If the utilization of the available bandwidth is very high, it does not take much to cause an outage. In fact, even a tiny attack can become the last nail in the coffin. For instance, a VPN server or firewall can be taken down by a TCP blend attack with an attack volume as low as 1 Mbps. SSL-based VPNs are just as vulnerable to an SSL flood attack, as are web servers.

Making matters worse, many organizations either use in-house hardware appliances or rely on their Internet carrier to ward off incoming attacks. These deployment models tend to run with low levels of automation, requiring human intervention of some sort to operate. If someone or something throws a digital wrench into the system, fixing the problem remotely will be an uphill battle if there are few or no IT staff on-site. Since these deployment models typically require 10 or even 20 minutes before they even detect an incident, any attack will almost inevitably cause a major outage.

APIs and web apps broaden the attack surface

The Application Programming Interface (API) is a key part of every cloud service or web app. APIs enable service integration and interoperability – by, for instance, enabling any given app to process a payment from PayPal or a client’s credit account in order to complete the transaction. But they can also turn into a single point of failure that exposes companies to a wide variety of risks and vulnerabilities. When a business-critical application or API is compromised, it knocks out all the operations related to the business and initiates a potentially devastating chain reaction.

Guarding against or managing application layer attacks – such as an HTTP/HTTPS flood – is especially difficult, as the malicious traffic is hard to distinguish from regular traffic. Layer-7 attacks are in that sense highly effective, as they require little bandwidth to create a blackout.

Cybercrime exploits anxiety

Cybercriminals take advantage of human foibles to break through systemic defenses. In a crisis, especially if prolonged, IT people run the risk of making mistakes they would not have made otherwise. Attackers might cut off system administrators from their own servers while they run virtually rampant through the company network, steal proprietary data, or inject ransomware. Any downtime can alienate customers, erode trust and cause negative publicity, even anxiety.

Organizations should remain vigilant and prepare for attacks in advance, before they occur, as this sort of incident can be very difficult to respond to once the attack unfolds. Companies should also continue to opt for cloud services to take advantage of scalability, and higher bandwidth to maintain redundancy. Most importantly, during times of remote work and self-isolation, radical security automation is more important than ever in order to ensure an instant response and get human error out of the equation.

Hacker hijacks YouTube accounts to broadcast Bill Gates-themed crypto Ponzi scam


UPDATE: Microsoft says none of its verified accounts were hacked. YouTube has also intervened to take down the scam's live streams.

 By Catalin Cimpanu for Zero Day | March 30, 2020


A hacker has hijacked tens of YouTube accounts, renamed them to various Microsoft brands, and is currently broadcasting a cryptocurrency Ponzi scam to tens of thousands of users, posing as a message from the company's former CEO Bill Gates.

The hacks are part of a growing issue on YouTube, where hackers hijack popular accounts to broadcast a classic "crypto giveaway" -- where victims are tricked into sending a small sum of cryptocurrency to the scammer in order to double their earnings but never get any funds in return.

Such scams were once very common on Twitter, but have now moved to YouTube in recent months as Twitter began cracking down on users posing as verified accounts.

At the time of writing, a hacker appears to have taken over 30+ YouTube profiles, from which they are live streaming an old talk on startups that the former Microsoft CEO Bill Gates gave to an audience at Village Global in June 2019, while also asking users to participate in a scammy giveaway.

The cryptocurrency Ponzi scheme is currently live streaming on the YouTube accounts using names such as Microsoft US, Microsoft Europe, Microsoft News, and others. Spokespersons for Microsoft and YouTube denied that hackers breached any of Microsoft's verified official accounts, although some users reported scam streams appearing on non-verified Microsoft accounts.

However, the vast majority of live streams were airing on YouTube channels with high subscriber counts, hijacked from YouTube users and later renamed to appear as legitimate Microsoft accounts, in an attempt to amplify the hack and give it an air of legitimacy.

Some of the Bitcoin addresses listed in the scams had received thousands of US dollars at the time of writing, suggesting the scam had fooled at least some users.


Based on YouTube stream stats, tens of thousands have seen the video feeds.

Microsoft was not the only organization impacted by the mass hijack and defacement incident. The Chaos Computer Club, a famous Germany-based hacking community, has also had its account hijacked to broadcast a similar message. The YouTube account of YouTube's founder was also hacked in the same manner in January. Furthermore, the Microsoft CEO is not the only popular figure to have his name abused in this way. Many past crypto-scams impersonated figures from the cryptocurrency community.