Potential scammers imitate free COVID testing websites
The government’s website for free COVID tests, covidtests.gov, opened Jan. 18, along with a related site, special.usps.com, where users are encouraged to place an order with the Postal Service.
Area 1 Security Inc. identified more than 60 domain names, from Jan. 13 through Jan. 22, that “closely” resembled government website URLs, including covidtestsgov.com, covidtestgov.net, specialusps.com, specialuspscovidtest.com, and freecovidtestgov.org. It also found more than 200 domain names, from Dec. 19 to Jan. 22, that “vaguely” resembled the actual names of government websites. These include 4covidtests.com, covidrests.com, specialsps.com and spwcialusps.com.
Juliette Cash, senior threat researcher at Area 1 Security, said that simply registering a similar name does not prove the domains are malicious. But she added that these names are often used in cyberattacks. And because they’re newly registered, there’s very little history on the sites “so they can bypass typical defenses,” Cash said.
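One way a defender could triage newly seen domains against the two legitimate hostnames, shown as an added example that is not from the article and is not Area 1 Security's method. The watchlist approach, the one-edit threshold and all function names are assumptions; the sample list uses the domains quoted above plus two constructed benign entries.

```python
# Added example: watchlist-based lookalike triage (not Area 1 Security's method).
PROTECTED = ["covidtests.gov", "special.usps.com"]   # legitimate hosts named in the article

# Lookalike names quoted in the article, plus two constructed benign names.
SAMPLE = ["covidtestsgov.com", "covidtestgov.net", "specialusps.com",
          "specialuspscovidtest.com", "freecovidtestgov.org", "4covidtests.com",
          "covidrests.com", "specialsps.com", "spwcialusps.com",
          "covidtests.gov", "example.org"]

def name_without_tld(host):
    """Join the labels left of the TLD: 'special.usps.com' -> 'specialusps'."""
    labels = host.lower().rstrip(".").split(".")
    return "".join(c for c in "".join(labels[:-1]) if c.isalnum())

def substring_distance(pattern, text):
    """Smallest edit distance between pattern and any substring of text."""
    prev = [0] * (len(text) + 1)        # row 0 is all zeros: a match may start anywhere
    for i, p in enumerate(pattern, 1):
        cur = [i]
        for j, t in enumerate(text, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (p != t)))
        prev = cur
    return min(prev)                    # the match may also end anywhere

def find_lookalike(candidate, protected=PROTECTED, max_edits=1):
    """Return (protected_host, edits) for the closest watchlist match, else None."""
    cand = candidate.lower().rstrip(".")
    if any(cand == p or cand.endswith("." + p) for p in protected):
        return None                     # the real site or one of its subdomains
    name = name_without_tld(cand)
    edits, host = min((substring_distance(name_without_tld(p), name), p)
                      for p in protected)
    return (host, edits) if edits <= max_edits else None

def triage(domains):
    """Map each flagged domain to the protected host it resembles."""
    hits = {d: find_lookalike(d) for d in domains}
    return {d: hit for d, hit in hits.items() if hit}

if __name__ == "__main__":
    for domain, (host, edits) in triage(SAMPLE).items():
        print(f"{domain:28} resembles {host} ({edits} edit(s))")
```

A hit only marks a name for review, in line with Cash's point that a similar name alone does not prove a domain is malicious.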
Domain scams didn’t start with the COVID-19 pandemic. Fraudsters have always sought to take advantage of world events, such as the Olympics or presidential elections, to trick people into opening malicious emails and then divulging their personal information. Still, the unique nature of the coronavirus pandemic — from health concerns and shifting government guidelines to ripple effects like job uncertainty — has been a boon for hackers.
The continued focus on breaking pandemic-related news, such as government efforts to ramp up testing and the Omicron wave, makes these scams very different from the types of email fraud that were popular before 2020, said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint.
“Typically it would be a scam saying something like ‘Look at my resume,’” she said. “COVID is special because people are always talking about it. If you miss an email with a shipping receipt, that’s okay. But if you miss a test result, that’s not good.”
New domains that use sloppy spelling or slight variations can provide the web infrastructure to support a phishing operation, giving hackers a URL they can use as a disguise in the sender field of an email. Impersonating a legitimate sender — impersonating an accountant requesting a wire transfer, for example — helped thieves steal $1.8 billion from U.S. individuals and organizations in 2020, according to the FBI.
Virus-themed email fraud was already enough of a problem in April 2020 that the Department of Homeland Security issued an alert about a “high volume” of attempts, with subject lines warning recipients of non-existent epidemics in their community.
In some cases, spammers launch mass email campaigns in which messages arrive in users’ inboxes with spreadsheet attachments. The body of the message claims that the accompanying Excel file includes a list of colleagues who have tested positive for COVID-19, or who are to be laid off due to corporate restructuring related to the virus. A recipient who downloads the file, instead of satisfying their curiosity, infects their computer with the malware lurking there.
“The whole basis of social engineering is that it puts people in an emotional headspace where they take logic and put it in the back seat,” DeGrippo said. COVID has provided an attractive hook for hackers, as messages about the virus are simply not easy to ignore.
“Every time you see something that says ‘because of COVID,’ critical thinking tends to go out the window,” she said. “If you’re just a consumer at home, the key is to slow down and really read what you see and ask, ‘Is it okay to click on it?’”