COVID-19 is being used to exploit people’s fears in a variety of ways, says PwC expert

Spreading fake news about COVID-19 itself may not be criminal, but it definitely can lead a gullible person into the hands of cybercriminals. Fear that coronavirus generates makes it easier for malicious actors to trick people into believing conspiracy theories and falling for online scams.

Have you heard Donald Trump asserting that children were “almost immune from COVID-19”? Well, that was fake news. Children might experience milder symptoms of the coronavirus, but they are not immune from it.

One might say that hoaxes about coronavirus spread faster than the virus itself. According to Europol, fake news puts people at risk of promoting fake products and services, such as fake COVID-19 tests and vaccines, promoting a false sense of security, and promoting suspicion of the official guidelines and courses.

Fake news about COVID-19 contributes to the anxiety in communities, and therefore can facilitate the execution of cyberattacks.

Who profits from this infodemic?

“It might be cybercriminals seeking to make financial gain through using COVID-themed phishing emails or generating ad revenue,” Louise Taggart, Threat Intelligence Analyst at PwC, told CyberNews.

Interpol reported that between January and April its private partners observed 900,000 spam messages, and 48,000 malicious URLs related to COVID-19.

“Cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. Malware, spyware, and Trojans have been found embedded in interactive coronavirus maps and websites. Spam emails are also tricking users into clicking on links that download malware to their computers or mobile devices,” observes Interpol.

Between January and April its private partners observed 900,000 spam messages, and 48,000 malicious URLs related to COVID-19,

reported Interpol.

Fake news and cybercrime is set to rise

“The topic is certainly being used to exploit people’s concerns in a variety of ways, and I would anticipate that whilst it remains a global health issue, this will remain the case, unfortunately,” Louise Taggart told CyberNews.

Interpol also forecasts that the increase in cybercrime is highly likely in the near future: “When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.”

According to the Guardian, more than 170 teams of researchers are racing to develop a safe and effective vaccine. As the whole world is anticipating news, fraudsters are looking for ways to ride this spike of public interest in the topic.

So what is the purpose of creating this infodemic, and who is profiting from it?

“There isn’t one single purpose that can be pointed to, but some potential motives can certainly be identified. It might be political opponents, who are seeking to capitalize on a particular government’s COVID response or policies; it might be cybercriminals seeking to make financial gain through using COVID-themed phishing emails or generating ad revenue; it might be to exacerbate existing societal divisions to gain influence,” said Louise Taggart.

According to the survey conducted by Interpol, nearly 30% of countries that responded to the global cybercrime survey confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings, with the majority containing concealed malware.

“There are also reports of misinformation being linked to the illegal trade of fraudulent medical commodities. Other cases of misinformation involved scams via mobile text-messages containing 'too good to be true' offers such as free food, special benefits, or large discounts in supermarkets,” reported Interpol.

Fake news in disguise

When experts talk about fake news, they refer to two main areas - misinformation and disinformation. Misinformation is false information shared by misinformed or misguided individuals, without malicious intent, while disinformation refers to false information shared with the explicit intention to deliberately mislead its audience.

For misinformation, it’s normally individuals who are most likely to be exposed to this type of ‘fake news’, which is often driven by biases or conspiracy theories.

“However, that’s not to say that governments or companies aren’t affected by it - here in the UK, the conspiracy theories linking 5G technology to the spread of COVID, for example, have affected technology companies infrastructure and employees, and also prompted the DCMS to issue a rebuttal,” Louise Taggart said.

We might see disinformation purposefully being spread to take advantage of people who are more susceptible to divisive content, such as topics spread through misinformation,

Louise Taggart said.

For disinformation, this can be a slightly more complicated picture. It targets both individuals and companies.

“We might see disinformation purposefully being spread to take advantage of people who are more susceptible to divisive content, such as topics spread through misinformation. Organizations and governments are equally at risk of being the targets of disinformation - this might be, for example, allegations around the origin of the virus, treatment or its transmission. Equally, disinformation campaigns can be part of what are termed wider ‘influence campaigns’,” told Louise Taggart.

According to her, the ways that fake news is disseminated can run from being pretty crude through to fairly sophisticated.

“It might be the use of a botnet of fake social media accounts to push a certain agenda or message through something like a specific hashtag. Or it might be fake stories being planted and then picked up by ‘alternative’ news sites, which then makes its own way into the wider news ecosystem and eventually ends up on a mainstream channel or platform, often now several steps removed from the original, dubious, source,” the analyst at PwC said.

Kieren Lovell, Head of CERT Estonia, notes that quarantine became a favorable circumstance for hackers, reports Startup Lithuania. They started using the COVID 19 crisis to fish for personal or financial data. As people might be panicking because of the health or economic crisis that may arise, it gets easy to manipulate their fear by sending fake crisis-related emails. Kieren says it’s important for us to keep up and stay informed and stop clicking vague links in emails, even when panicking.