Covid-19 and Fraud: A Social Pandemic?
By Charles Brown
Last week we discussed how Covid-19 has caused a surge in online activity, which has in turn impacted OSINT (Open Source Intelligence). This week we turn our attention to the increase in fraudulent activity that has resulted from the pandemic.
An increasingly vulnerable population
Covid-19 has caused huge fear and anxiety on a global scale. Concern about its impact on the health of our loved ones, the economy and the future is a terrible side-effect of the virus. Faced with these conditions we seem more willing to believe in miracle cures – medical and financial – from sources that we might not normally trust.
In March of this year, Action Fraud (the UK’s national fraud reporting centre) experienced a 400% increase in the number of reported frauds. The scale and impact of fraud and misinformation has even led commentators to suggest that we are witnessing a parallel social pandemic, or an ‘infodemic’.
Sale of fraudulent goods
Fraudsters often target high demand or high value goods such as the latest electronic devices and designer items. Due to Covid-19, personal protective equipment (PPE) has become increasingly valuable. As demand outstrips supply PPE is increasingly an ideal target for fraudsters across the globe.
Earlier this month US authorities arrested a man in Atlanta for attempting to con a federal agency into handing over $750 million for 125 million face masks – an order which the seller knew was impossible to fulfil. And here in the UK the National Cyber Security Centre has taken down more than 2000 online Covid-19 scams. These included “471 fake online shops that were selling fraudulent coronavirus-related items”.
Fake treatments and cures
So far there is no known cure for Covid-19 and knowledge about treatments is limited. Again, this is a perfect environment for fraudsters looking to sell fake treatments. In March alone, Interpol is reported to have identified 2000 adverts for medicines claiming to treat Covid-19. It also intercepted more than 34,000 fake products.
‘Treatments’ like these are incredibly dangerous because they stop people from receiving proper care. In the worse cases they can cause harm. That victims of this type of scam will have paid for these ‘treatments’ adds insult to injury.
Data and identity theft
The increase in working at home has also opened up opportunities for cyber criminals. When the lines between home and work becomes blurry, criminal access to personal data or sensitive business information is easier. According to a recent survey, 42% of people in the UK think they may have been targeted by phishing emails during the outbreak. The increase in cybercrime has been so marked that the UK National Cyber Security Centre (NCSC ) has launched a Suspicious Email Reporting Service. This allows victims of possible phishing to report it directly.
What is OSINT’s role?
In last week’s article we discussed the opportunities that growth in data brings for OSINT specialists. Fraud is another area where the skills of an OSINT practitioner are highly valuable. This is especially true for the prevention of procurement fraud.
Customer and supplier due diligence procedures mean that most businesses are likely to conduct background checks on companies selling PPE. But these checks are often limited to box-ticking activities which are less effective against experienced organised criminals.
Matthias Wilson, a well-known Munich-based OSINT professional and fraud expert, suggests that effective due diligence should go beyond standard screening activities. It should also involve activities to understand the seller’s general reputation and trading history. Analysing reviews on online marketing platforms is one measure that Matthias suggests, “The challenge here is to filter out the fake, mostly very positive, reviews.” He adds that “A look into a company’s domain may also reveal a lot of information. Answering questions such as “When was the domain registered?” and “What changes have been made to the website?” might also give a clearer picture of a company’s history and integrity.”
Due diligence exercises are common and often legally required for larger transactions, but it’s easy to overlook smaller sales. It’s vitally important that businesses increase scrutiny of these transactions in a risk -based and proportionate way. A little OSINT can prove effective in tackling fraud and saving lives.