With trillions of dollars of financial aid being made available to help individuals and organizations weather the COVID-19 pandemic, it should come as no surprise there is now a massive wave of attempts being made to divert those funds into the hands of cybercriminals.
GroupSense CEO Kurtis Minder said the provider of cyber intelligence services is now seeing many more cases of cybercriminals using stolen personally identifiable information (PII) ranging from Social Security numbers to tax identification numbers to fraudulently claim COVID-19 benefits. Most of this fraudulent activity is being aimed at states overseeing the distribution of unemployment benefits and banks that have been enlisted by the Small Business Administration (SBA) to make loans to businesses, he said.
Most of this criminal activity leverages kits widely available on the Dark Web, Minder added, noting logins that purport to allow someone to log into several government websites associated with the Coronavirus Aid, Relief and Economic Security (CARES) Act using stolen credentials are being sold for less than $2.80 each. There are even loan fraud guides available for as little as $3.
Cybercriminals have even gone so far as to print fake checks from the U.S. Treasury that could be deposited into a bank account for the sole purpose of cashing them, he said.
Clearly, cybercriminals are counting on the fact that many financial institutions will be overwhelmed by the sheer number of loans being sought and the fact that bank tellers might not look twice at yet another Treasury check. There are tools available for identifying suspected instances of fraud but not every financial institution is able to afford them.
Naturally, financial institutions are now spending more time reviewing these loans, which only serves to exacerbate the current downturn in the economy while legitimate businesses wait for loans to be processed. Some businesses may one day even discover they were granted a loan they never applied for because cybercriminals filled out a loan application on their behalf and then diverted those funds into bank accounts they controlled.
In some respects, many of these scams are not new. Rather, methods of fraudulently gaining access to online accounts are now being tweaked specifically to take advantage of the COVID-19 pandemic crisis.
Of course, much of the PII data that cybercriminals are employing is either being scraped from social media sites or gathered via COVID-19 phishing attacks that are becoming increasingly sophisticated. Many people are working from home where they may not be as vigilant about clicking on links or downloading a document loaded with malware. Unfortunately, with many more individuals now out of work around the globe, the number of potential purveyors of these phishing attacks is also likely to increase.
It may never be known how much money might be pilfered via these scams. However, even 1% of $2 trillion is a very large number, indeed. More troubling still, much of those ill-gotten gains will be reinvested into malicious botnet platforms that have become that much larger and more advanced.