by Jeremy Daniel

Coronavirus spawns online scams targeting African users

May 17, 2020

The pandemic has created an opportunity for scammers, who are targeting people looking for information about the coronavirus online. IT leaders should warn remote workers about online scams such as phishing.


In April, Mzolisi Toni, the acting director of South Africa’s Ministry of Social Development, was alerted to an odd social media posting.  It claimed that he had authorised members of the Scientology Volunteer Ministries to go door-to-door for the purposes of sanitising homes against the coronavirus. He was forced to quickly issue a statement that this was completely false and was likely to be an attempt by people to gain entry to private homes. 

A few weeks later, the head of Listed Property at South African asset management firm Stanlib, Killien Ndlovu, found out that there were WhatsApp messages circulating in his name that encouraged people to make specific investments in a coronavirus fund he was managing. Again, this was completely false and had nothing to do with him.

As the coronavirus crisis sinks its claws deeper into the African continent, the generosity and goodwill of members of the public is being tested and undermined by a spike in fraudulent schemes that have arisen to take advantage of the situation. Phishing email attacks were up 600 percent in the first quarter of 2020, according to security awareness firm KnowBe4, and 10 percent of those phishing attempts were using coronavirus messaging directly to solicit a response. This shouldn’t come as a surprise. Fraudsters realized quickly that the amount of online traffic seeking information about the pandemic would skyrocket. It’s a fertile hunting ground in a continent like Africa where poverty and hunger are guaranteed to surge in the wake of the pandemic and the lockdowns being used to battle the virus: desperate people with sophisticated mobile devices are an easy mark for determined scammers.

Local Scams With Global Footprints

While Africans are clearly being targeted for exploitation, the phenomenon is global in nature. “Cybercrime is a global issue,” said Susan Potgieter, the acting CEO of SABRIC, the South African Banking Risk Information Center. “Criminals use social engineering and target their victims on digital channels so it makes no difference where the victim is situated physically, as long as they are accessible on digital channels.”

Research conducted by Jean le Roux of the Digital Forensic Research Lab in Cape Town seems to confirm this. In an investigation for the online publication Daily Maverick, he analysed the source code and exposed the workings of “a relief promotion scam” that targeted South Africans but originated in Hong Kong. The campaign was being run by a Hong Kong-based digital marketing agency known as Planet49, with the goal to “entice WhatsApp users to not only share the promotion with several of their WhatsApp contacts, but also consent to Planet49 selling their personal information to third parties.”

It achieved this by mimicking the visual style and content of prominent retail chains in Africa, like Woolworths and Shoprite, and urged its victims to share the campaign with their contacts in exchange for groceries to the value of R5,000 (US$268).

Le Roux concluded his investigation by noting “in a country rife with unemployment and inequality, the promise of a substantial voucher in exchange for personal information seems enticing.”

The WHO steps in with advice and warnings

Early on in the pandemic, the World Health Organization realized that the outbreak would be fertile ground for scammers, and advised that anyone contacted by someone claiming to be from the WHO should first take steps to verify the authenticity of the claims.

The WHO gave some examples of the suspicious activities they were seeing, including:

  • Asking for login information, 
  • Sending unasked-for email attachments, 
  • Directing people to a website other than 
  • Asking for direct donations to emergency response plans or funding appeals

One of the most obvious changes that the pandemic has wrought is the fact that so many people are now forced to work from home and connect digitally to their colleagues and business infrastructure. 

In a best case scenario this would not necessarily make corporate users more vulnerable to scams. “People who were working in an office environment and are now working from home generally have access to the same infrastructure which is configured and monitored by their company’s cybersecurity experts,” Potgieter noted.

That may be true for large enterprises, but in many cases, the IT infrastructure that startups and smaller companies are using is often cobbled together from various free cloud services, which make them harder to monitor. Furthermore, in a home environment, where parents and children are all attempting to work and keep up with school, laptops are more vulnerable than usual.

So while corporate infrastructure shouldn’t necessarily be compromised by remote working, Potgieter concedes that these are the kinds of circumstances where “employees may be confronted with risks that make them more susceptible.”

SABRIC acknowledges that many of these phishing scams are difficult to spot while they are happening. “Cybercriminals are also using SMS Phishing, more commonly known as SMishing, to trick victims into clicking on a link disguised as information on a Coronavirus breakout in their area to steal their credentials,” according to a SABRIC alert. “Some of these texts claim to provide free masks or pretend to be companies that have experienced delays in deliveries due to the Coronavirus. Once criminals have the correct level of confidential information about a victim’s bank account, they can impersonate the victim and transact using the correct credentials but without authority.”

How to deal with phishing attempts

The only real antidote to these tricks is eternal vigilance. There are no exceptions to the basic rules. Do not click on links or icons in unsolicited emails and do not reply directly to these emails. Delete them immediately and empty out your email trash bin if you are at all suspicious. Spend some time on a site to make sure that it is real before you begin entering your personal information or sharing your private data. 

Maintain a skeptical attitude toward any emails, WhatsApp messages or social media posts that arrive out of the blue, even if you recognize the names they are associated with. If you are planning to act on the information you have received, it may be worth first making contact, via a different channel, just to make sure that it’s a genuine offer or plea for help.

“Criminals are opportunistic and predatory and are constantly on the hunt for new ways to exploit their victims to steal their cash,” Potgieter said. “The advent of COVID-19 has created panic which cybercriminals are exploiting for their own gain to spread Coronavirus scams. As mentioned, Coronavirus scams use social engineering to exploit people’s concerns for their health and safety and pressure them into being tricked. There are continuously new entrants into the world of crime so perpetrators are most likely old groups using new tactics as well as new scammers wanting to make fast money by exploiting the pandemic.”