Pandemic-related scams have duped over 8,500 Canadians
The Canadian Centre for Cyber Security has announced that it has taken down thousands of fake government websites, emails, and notification apps – but data suggests that many Canadians still fell prey to these scams.
The centre’s spokesperson Evan Koronewski said that the fraudulent websites are impersonating the federal government to “deliver fake COVID-19 exposure notification applications, designed to install malware on users’ devices.” That malware was created to steal personal information or money from unsuspecting users.
The centre also revealed in its statement that it has helped remove more than 4,000 fraudulent websites and/or email addresses since March 15, 2020. Koronewski added that some cases, the sites pretended to be the Public Health Agency of Canada or the Canada Revenue Agency.
“This work continues each and every day as we identify and remove more of these fraudulent domains,” Koronewski told CBC News.
Although the centre would not reveal how many Canadians were victimized by these fraudulent websites and emails, data from the Canadian Anti-Fraud Centre found that there were 8,583 Canadian victims of pandemic-related fraud from March 06, 2020 to January 10, 2021.
The scams involved include tricking people into buying fake vaccines and test kits, identity theft, and ransomware attacks. The Canadian Anti-Fraud Centre also said on its website that COVID-19-related fraud has cost Canadians $7 million.
Fake Canadian government website takes advantage of COVID-19
A fake website claiming to be from the federal government of Canada is preying upon those seeking financial relief from the COVID-19 pandemic.
In a recent blog report, security vendor Proofpoint warned that multiple “threat actors” across the world have created fake websites posing as fronts for pandemic financial assistance programs – including Canada’s very own Emergency Response Benefit (CERB) website.
“Threat actors are continuing to try and take advantage of people worldwide as the pandemic continues—and most recently their efforts have included using fake websites, associated with COVID-19 financial assistance, to steal credentials,” the security company said in its blog post.
It found that the fake website copies the behaviour of the original CERB website – run by the Canada Revenue Agency. It even has a bilingual option, allowing users to switch between English and French language options, making for a very elaborate ruse. However, the fake website’s layout, colours, and branding do not match the ones depicted on the real website.
Proofpoint reported that of the over 300 phishing campaigns it has observed since the start of the year, more than half are scams aimed at gaining user credentials. The fake CERB website, in particular, asks users to provide their full name and social insurance number.
To trick users into visiting these fake websites, Proofpoint explained in its blog that credential phishing attackers usually send their victims emails that are specifically designed with themes that are most effective – in this case, financial assistance related to the pandemic.
“It’s clear threat actors follow trends closely. We’ve seen throughout the COVID-19 situation how threat actors have followed the news and adapted their themes to match the unfolding public narrative,” the Proofpoint blog noted. “The movement by governments in particular to offer financial support has caught the attention of threat actors who have moved not only to target those funds directly but to use them as themes for their malware and credential phishing attacks.”
Proofpoint concluded that as the pandemic situation continues, it expects these COVID-19-themed attacks to continue, and more threat actors offering additional tools to enable these attacks.
Source: by Lyle Adriano for Insurancebusinessmag.com