Marnix Van Gelderen
Regional Security Coordinator
As the novel coronavirus, COVID-19, continues to spread across the globe, killing thousands and bringing the world to a standstill, criminal and far-right extremist groups have seized on opportunities stemming from the crisis to further both their economic and ideological goals.
Dubbed by EUROPOL, the European Union Agency for Law Enforcement Cooperation, as ‘pandemic profiteering’, there has been a surge in Covid-19-related phishing and ransomware attacks and telephone fraud schemes in recent weeks. The scams have mostly been constructed around the fraudulent sale of medical, sanitising and personal protective equipment. Meanwhile extremist groups, especially on the far-right, have increasingly used COVID-19 as a means to disseminate xenophobic rhetoric and spread disinformation, which has come to the attention of the global media. In this article, we delve deeper into these types of ‘pandemic profiteering’.
Criminal exploitation of the COVID-19 outbreak
Cyber criminals and fraudsters are notoriously flexible and quick to react to new opportunities to increase revenue. The COVID-19 outbreak has led to increased demand for certain medical and sanitising supplies, such as soap, hand sanitizer, face masks and vitamin and mineral supplements. This demand has been matched in a surge in counterfeit goods and ‘too good to be true’ purchasing opportunities that turn out to be fraudulent. Additionally, government social distancing measures has seen large portions of the workforce move to homeworking, using oftentimes less secure internet connections, and relying increasingly on technology to communicate and carry out tasks. The criminal underworld has taken advantage of these developments, and the expectation is that this will continue over the coming months. Targets have varied from normal citizens to large companies and organisations. In a recent report by EUROPOL, anecdotal cases are provided where companies have lost millions when attempting to purchase items from bogus sellers. One notable case includes a company in Singapore that reportedly spent 6.6 million euros on alcohol-based hand sanitising gels and facemasks that never arrived.
There has also been a reported increase in COVID-19-related cyber-attacks during the ongoing crisis, especially in the form of phishing and malware attacks. The drastic surge in homeworkers, often using less-secure devices and internet connections, has provided cyber criminals with a larger pool of vulnerable targets. We have seen cases of criminals sending COVID-19-related emails as ‘click bait’, luring the recipients into opening links that require them to fill in sensitive personal information such as usernames, passwords or bank details. The content of these emails varies significantly, but can include requests for charitable donations to help tackle the COVID-19 outbreak, offers of financial support and access to bogus medical and sanitising equipment. These emails and adverts may also contain malware and lead to ransomware attacks. This is where, through clicking on the link or advertisement, the victim unknowingly infects their device with malware, which subsequently encrypts content on the device, after which a demand for ransom usually payable via crypto-currencies is made to decrypt the content.
Far-right extremist exploitation of the COVID-19 outbreak
Far-right groups have used the current crisis to develop conspiracy theories and sow socially divisive narratives to further their xenophobic and anti-democratic ideological agendas. Reports indicate that the outbreak has resulted in a notable uptick in far-right disinformation campaigns online, portraying, in particular, migrant, Jewish, Muslim and Chinese communities as scapegoats for the outbreak. Other far-right disinformation campaigns focus on the spread of anti-government and pro-authoritarian narratives, aimed at increasing far-right ‘accelerationism’ with the goal of undermining democratic and liberal values and ultimately leading to societal collapse.
The international think tank, the Institute for Strategic Dialogue, which monitors and works to counter polarisation, hate crime and extremism, has noted a rise in far-right COVID-19 disinformation campaigns on various online forums and social media platforms. Such campaigns include the spread of conspiracy theories, xenophobic rhetoric and fake news on popular social media platforms including Facebook and Twitter, as well as lesser known forums often used by the far-right such as 4chan and messaging applications such as Telegram. Examples include numerous tweets calling COVID-19 the ‘Chinese Coronavirus’, and messages blaming the outbreak on the migrant community or certain ethnic minorities; the Ukrainian far-right Azov movement reportedly used Telegram to spread messages stating that white people were not to blame for the outbreak and scapegoating ethnic minorities in Italy.
Risk mitigation advice
The exploitation of the current situation by malicious actors will persist over the coming months and is likely to become more sophisticated. Both companies and their employees will need to adopt sensible precautions and that will present additional challenges at a time where the relationship is ‘remote’. Employers should take necessary steps not to compromise cyber security whilst instructing employees to work from home, and individuals should be wary of strange or unexpected COVID-19 emails in their mail inbox. Individuals should refrain from clicking on any suspect links in the bodies of these emails, and similar caution should be taken when viewing online advertisements about COVID-19 related products or services. Only official government directives and advice from licensed medical providers should be followed, and any financial support should be obtained through the official channels communicated by respective governments.
People should also be cautious about the reliability of information on COVID-19 distributed on social media, forums and on various other media outlets. Disinformation can have a deeply negative effect on behaviour, perceptions and mental wellbeing. People’s behaviour at a time like this is to scour the internet for information; while employers cannot control what information their employees follow, companies can provide their own COVID-19 output that has been corroborated and is balanced and informed. In the absence of physical interaction, this kind of communication between the company and its employees is more important than ever. Outside of the workplace individuals are advised to refer mainly to official government websites and highly reputable media outlets for the latest information and medical advice in relation to the COVID-19 outbreak. Suspected disinformation on social media platforms should also be reported, as most social media companies have dedicated departments focused on tackling disinformation. While law enforcement and tech and social media companies across the globe are aware of these illicit activities and working to counter them, it is important that normal citizens are also alert to the increased risk and act accordingly.