Spam Articles - H  2020 1  2  3  4  5  6  7  8  Spam List - H  2021  2020  2019  2018  1  Spam blog  Spam blog

SilverTerrier BEC scammers target US govt healthcare agencies
10.5.2020  Bleepingcomputer  Spam

Government healthcare agencies, COVID-19 response organizations, and medical research facilities from across the globe were the targets of Business Email Compromise (BEC) phishing campaigns coordinated by multiple Nigerian BEC actors during the last three months.

BEC aka EAC (short for Email Account Compromise) scammers are known for using social engineering via phishing attacks or hacking to switch the bank accounts used by an organization's financial department to wire out funds.

The Nigerian BEC actors tracked as SilverTerrier y Palo Alto Networks' Unit 42 threat intelligence team since 2014 were seen switching to COVID-19 themed lures from January 30 to April 30.

Unit 42 attributed 2.1 million BEC attacks to the SilverTerrier actors since they began tracking their activities, with an average of 92,739 BEC attacks per month during 2019 and peaking at 245,637 BEC attacks in June.

They are also known for using malicious tools like information stealers (Agent Tesla, AzoRult, Lokibot, Pony, and PredatorPain) and remote administration tools (RATs) (Netwire, DarkComet, NanoCore, Remcos, ImminentMonitor, Adwind, Hworm, Revenge, and WSHRat) to maintain access and steal sensitive information from their victims after they manage to compromise their networks.

COVID-19 response orgs under siege
As they say in a report shared with BleepingComputer, these recent SilverTerrier attacks have targeted a large array of organizations from government healthcare agencies, local and regional governments to large universities with medical programs/centers, regional utility entities, medical publishing and research firms, and insurance companies.

The SilverTerrier BEC actors sent over 170 spear-phishing emails to entities from the United States, the United Kingdom, Australia, Canada, and Italy.

"While broad in their targeting, these actors have exercised minimal restraint in terms of targeting organizations that are critical to COVID-19 response efforts," the researchers explain.

BEC phishing email sample (Unit 42)
Unit 42 tracked the activities of three SilverTerrier BEC actors, with the first one launching eight campaigns between January 30 and April 8, with phishing emails sent in a variety of languages targeting a wide range of organizations from several countries with COVID-19-themed lures and malicious payloads.

The second SilverTerrier actor — associated with the Alhaji name — ran a single COVID-19-themed BEC campaign between March 17 and 18th with attachments dropping the LokiBot malware, while the third BEC actor known as BlackEmeka was active on March 23 and 24, dropping malicious payloads via PowerShell scripts.

Victims' devices also infected with info stealers, spyware
The phishing emails sent by the actors behind these BEC campaigns also dropped hundreds of samples of Agent Tesla and NanoCore remote access trojans, the LokiBot and Formbook info stealers, as well as PowerShell scripts that would later download malicious payloads on the victims' devices.

"As 2020 progresses, the most prominent threat facing customers is commodity malware deployed in support of sophisticated BEC schemes," Unit 42's report adds.

Sample malicious attachment (Unit 42)
Besides advising organizations that could be targeted by such attacks to implement spam filtering and to keep Windows hosts up-to-date, the researchers also urge them to make sure that all their systems are patched against the CVE-2017-11882 Microsoft Office memory corruption vulnerability.

This security flaw is often used in SilverTerrier BEC attacks to execute code remotely and to infect their targets with malware payloads downloaded from attacker-controlled servers.

More information on the SilverTerrier campaigns and indicators of compromise including hashes of malware samples, domains, dynamic DNS hosts, and IP addresses used in the attacks are available at the end of Unit 42's report.

$1.8 billion lost to BEC scammers in 2019
Last month, the FBI warned government agencies and health care organizations of ongoing BEC schemes exploiting the COVID-19 pandemic.

FBI's Internet Crime Complaint Center (IC3) also issued a public service announcement during early-April, warning of cybercriminals abusing popular cloud-based email services as part of BEC attacks.

That was the second time within a month that the US intelligence and security service warned of malicious actors abusing cloud email to conduct BEC scams, with a private industry notification (PIN) on the same subject having been released on March 3.

IC3's 2019 Internet Crime Report published in February says that BEC was the cybercrime with the highest reported total victim losses during last year as it reached roughly $1.8 billion in both individual and business losses.

IC3 also issued a Public Service Announcement (PSA) in September 2019 warning that BEC scams are continuing to grow every year, with victim complaints reporting more than $26 billion in total exposed dollar losses between June 2016 and July 2019, and a 100% increase in the identified global exposed losses between May 2018 and July 2019.

Google updates Chrome Web Store policy to block extension spam
3.5.2020  Bleepingcomputer  Spam

Google today updated the Chrome Web Store's spam policy to block extension spam so that users can have a real chance to avoid potentially malicious extensions while sifting through 200,000 add-ons available in the store.

Chrome extensions delivering similar functionality to others already published to the store, extensions with misleading information, extensions used only for launching apps, webpages, or other similar resources, and extensions abusing notifications for malicious or annoying purposes will be removed or blocked on submission starting with August 27, 2020.

Google says that "the increase in adoption of the extension platform has also attracted spammers and fraudsters introducing low-quality and misleading extensions in an attempt to deceive and trick our users into installing them to make a quick profit."

"We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities or fake reviews and ratings," the company added.

Developers are also forbidden from attempting to manipulate their extensions placement in the Chrome Web Store, which means that inflating their ratings, download, counts, or posting fake reviews will get them kicked out of the store.

This is the full list of spam policy updates designed with the quality of Chrome extensions in mind:

• Developers or their affiliates should not publish multiple extensions that provide duplicate experiences or functionality on the Chrome Web Store.
• Extensions should not have misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata, including but not limited to the extension’s description, developer name, title, icon, screenshots, and promotional images. Developers must provide a clear and well-written description. Unattributed or anonymous user testimonials in the app's description are also not allowed.
• Developers must not attempt to manipulate the placement of any extensions in the Chrome Web Store. This includes, but is not limited to, inflating product ratings, reviews, or install counts by illegitimate means, such as fraudulent or incentivized downloads, reviews and ratings.
• Extensions with a single purpose of installing or launching another app, theme, webpage, or extension are not allowed.
• Extensions that abuse, or are associated with the abuse of, notifications by sending spam, ads, promotions, phishing attempts, or unwanted messages that harm the user’s browsing experience are not allowed. Extensions that send messages on behalf of the user without giving the user the ability to confirm the content and intended recipients are also not allowed.

The new Chrome Web Store spam policy can be found within Google's Developer Program Policies.

More information about today's changes and how they apply to Chrome extensions are available on the Spam policy FAQ page.

Google also has a problem with malicious extensions reaching its web store, as shown by the removal of 500 copycat and malicious Chrome extensions in February 2020.

These extensions were used to launch malvertising attacks that impacted the web browsers of roughly 1.7 million users according to Cisco's Duo Security team, allowing the attackers to collect and steal sensitive data while evading Google Chrome Web Store's fraud detection.

Rogue affiliates are running fake antivirus expiration scams
2.5.2020  Bleepingcomputer  Spam

Rogue security software affiliates are sending emails that falsely tell recipients that their antivirus software is expiring and then prompt them to renew their license so that the affiliate can earn a commission from the sale.

A software affiliate is a third-party that refers visitors to a software company to earn a commission from the sale of their software.

All legitimate companies that offer an affiliate program have strict guidelines on how to promote their software and prohibit misleading and false advertising from tricking people into purchasing software.

Scam emails state your antivirus software is expiring
Over the past week, BleepingComputer became aware of scam emails being sent that tell recipients that their Norton and McAfee antivirus software is expiring that day and prompting them to renew their license.

We became aware of this new scam after being told about it by two seniors who received the emails, with one of them falling for the scam and purchasing the software, thinking the email was legitimate.

The scam starts with emails containing a subject similar to "WARNING: Anti-Virus Can Expire " Sun, 26 Apr 2020"", which contains a link stating, "Your Protection Can Expire TODAY!".

When the link is clicked, the user will be redirected through the DigitalRiver affiliate network, which drops a tracking cookie on the browser, and then redirects the user to a purchase page for Norton or McAfee as shown below.

Affiliate scam: From email to purchase page
When a victim purchases the software, the affiliate will earn anywhere between a fixed $10 commission or 20% of the total sale. For the scam shown above, this would net the rogue affiliate approximately $10 per sale.

Affiliates who have large volumes of sales will typically earn a higher commission rate.

How to avoid falling prey to these scams
Most antivirus software will alert a customer that their license is expiring via notification from the software, but some companies do send emails as "reminders" about expiring licenses.

As email scammers tend to send their scams to large lists of email addresses without knowing what antivirus software a recipient is using, the first step is to make sure you have the mentioned antivirus software installed.

If it is installed, open the software and check when your license expires.

If it is expiring, you should instead renew the license through your software or by going directly to the web site of your security software.

If you have mistakenly fallen for this scam and purchased a license, be sure to contact your credit card company and dispute the charge as fraud.

BEC gift card scams switch to online stores due to pandemic
12.4.2020  Bleepingcomputer  Spam

Scammers behind business email compromise (BEC) attacks have adjusted their tactics to match the current situation given the tens of millions of employees working from home during the COVID-19 outbreak.

While normally, they've been attempting to convince victims to buy gift cards as a quick favor to one of their company's executives, they've now switched to asking them for digital gift cards since brick and stone stores are now either closed or a lot harder to reach due to lockdowns.

"All a threat actor needs to do is ask unsuspecting victims to send them a picture of the physical gift cards, which can then be sold for roughly 70% of face value in bitcoin," Agari researchers who discovered this recent development explain.

"This tried and true method is a gateway for laundering money and it isn’t just for BEC gangs, either," they add. "But in the age of shelter-in-place orders and quarantines, this approach won’t cut it anymore."

For instance, two Chinese nationals were charged in early-March for allegedly laundering millions of dollars worth of cryptocurrency for the North Korean-backed Lazarus Group by converting them into Chinese yuan and Apple gift cards

Online stores are always open
The hook used by the scammers to trick their victims is still the same: while impersonating their company's CEO or another executive, they ask them to buy digital gift cards for any number of reasons such as an employee bonus or a vendor payment.

At some point during the exchanged messages, the crooks will tell the victims to continue the conversation over SMS to circumvent email protections that could potentially catch on and reveal their scam.

While before the pandemic, victims were asked to buy the gift cards from a nearby store, scammers will now ask them to buy online, bypassing limits imposed on in-store gift card purchases and leading to a lot higher payouts.

"One BEC group we track that usually requests checks from BEC victims—a gang we’ve code-named Exaggerated Lion—has recently included gift card requests in their repertoire, asking for as much as $15,000 in 'surprise' gift cards for employees," Agari's research team said.

BEC scammers asking for digital and physical gift cards (Agari)
Stolen money harder to track as digital gift cards
Right before the current COVID-19 outbreak, Agari also observed BEC crime rings asking their targets to get gift cards from local pharmacies like CVS and Walgreens or from other businesses deemed "essential" by the US government to avoid sending the victims to already closed shops.

"While we don’t yet have concrete evidence about how these stores come into play, it seems a safe assumption that victims asked to buy gift cards either comply, or are refusing to venture out and are instead looking for safer alternatives to make the purchase," Agari found.

"The safest way for the scammers to cash out is through digital gift cards, and they just started doing it."

What makes such scams harder to investigate is the lack of a central tracking system that would allow following the money while being exchanged to fiat currency.

This and the fact that using digital gift cards allows the scammers to get an even bigger payout will most certainly lead to this new method being adopted by most BEC crime rings.

Increasing number of pandemic related BEC attacks
FBI warned yesterday of a boost in the number of BEC scams that exploit the COVID-19 pandemic, with scammers targeting US municipalities, financial institutions, and bank customers.

"Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19," the FBI said.

A BEC scam group tracked by Agari researchers as Ancient Tortoise were the first spotted while using the COVID-19 pandemic as leverage in BEC attacks as BleepingComputer reported last month.

FBI's Internet Crime Complaint Center (IC3) published its 2019 Internet Crime Report in February revealing that BEC was the cybercrime behind the highest reported total victim losses in 2019, as it reached around $1.8 billion in reported losses.

Scammers target Australians financially affected by pandemic
12.4.2020  Bleepingcomputer  Spam

Australians that were financially impacted by the COVID-19 pandemic are targeted by scammers attempting to get their hands on victims' superannuation funds partially released starting mid-April.

Superannuation (aka super) is also referred to as a company pension plan and it is a partly compulsory system requiring Australians to deposit a minimum percentage of their income into an account that will provide them with an income stream after retirement.

"Individuals affected by the coronavirus can access up to $10,000 of their superannuation in 2019-20 and a further $10,000 in 2020-21," as the Australian government announced on April 2. "You will be able to apply for early release of your superannuation from 20 April 2020."

With roughly 360,000 jobless or financially affected Australians due to the current pandemic having already applied for an early superannuation release per the ABC, cybercriminals are trying their best to trick them into handing over the info needed to get illegal access to those funds.

Cold calls for financial info
The Australian Competition and Consumer Commission (ACCC) says in a Scamwatch alert that the scammers are seeking to collect personal info from Australians in need of financial support, including information that will allow the crooks to fraudulently access the targets' superannuation funds.

"Scammers are cold-calling people claiming to be from organisations that can help you get early access to your super," ACCC's Deputy Chair Delia Rickard said. "For most people, outside of their home, superannuation is their greatest asset and you can’t be too careful about protecting it."

"The Australian Taxation Office is coordinating the early release of super through myGov and there is no need to involve a third party or pay a fee to get access under this scheme.

"Never follow a hyperlink to reach the myGov website. Instead, you should always type the full name of the website into your browser yourself," she added.

This new early-access scammer scheme targets a wide range of age groups, unlike previous scam attempts that usually targeted older people.

While there were over 80 reports of such scams since the government announced the early release of this financial help measures for pandemic affected Australians, none of them have led to financial losses.

According to some of the reports the crooks have also offered to check if a target's super account is eligible for additional benefits or claimed that the new support scheme is designed to lock people out of their accounts.

Don't fall for the scammers' tricks
During 2019, Australians lost over $6 million to superannuation scams according to ACCC's notification, with people between 45 and 54 losing the most money in these scams.

"Never give any information about your superannuation to someone who has contacted you," Rickard said. "Don’t let them try to pressure you to make a decision immediately, take your time and consider who you might be dealing with."

"Be wary of callers who claim to be from a government authority asking about your super. Hang up and call the organisation directly by doing an independent search for their contact details."

Australians targeted in such scams who have provided superannuation info to the scammers are advised to reach out to their superannuation institutions as soon as possible.

They are also urged to immediately contact their financial institution if they've been tricked into sharing personal or banking details.

FBI warns again of BEC scammers exploiting cloud email services
12.4.2020  Bleepingcomputer  Spam

FBI's Internet Crime Complaint Center (IC3) has issued today a public service announcement warning of cybercriminals abusing popular cloud-based email services as part of Business Email Compromise (BEC) attacks.

This is the second time within a month that the FBI has warned of malicious actors abusing cloud email to conduct BEC scams, with a private industry notification (PIN) on the same subject having been issued on March 3.

While previously the FBI singled out Microsoft Office 365 and Google G Suite as the ones targeted in such attacks, this time the agency refers to them only as "two popular cloud-based email services."

"Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite," the FBI said in the PIN.

"While most cloud-based email services have security features that can help prevent BEC, many of these features must be manually configured and enabled."

Cloud email and BEC scams
The crooks' move to attacking trough cloud-based email services matches organizations' migration to the same type of services from on-premises email.

To abuse cloud email services, the scammers use email service-aware phish kits that closely imitate the services' interface and designed to trick a target's employees into handing over their account credentials.

The targets are redirected to the phishing kits used as part of these BEC attacks via large scale phishing campaigns, with the phishing kits being able of identifying the "service associated with each set of compromised credentials" and displayed the correct user interface.

"Upon compromising victim email accounts, cybercriminals analyze the content to look for evidence of financial transactions," the FBI explained today.

"Using the information gathered from compromised accounts, cybercriminals impersonate email communications between compromised businesses and third parties, such as vendors or customers."

The scammers will then impersonate employees or business partners, with the end goal of redirecting payments to bank accounts they control.

They will also collect and exfiltrate partner contacts from the infiltrated email accounts which will later be used to launch other phishing attacks and compromise other businesses, making it easy to pivot to other targets within the same or related industry sectors.

Increasing number of COVID-19 related BEC attacks
The FBI also warned today of a boost in the number of BEC scams designed to exploit the COVID-19 pandemic targeting US municipalities, financial institutions, and bank customers.

"Recently, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19," the FBI says in a press release.

Among the BEC attempts reported or observed by the agency recently, the FBI highlights two examples:

• A financial institution received an email allegedly from the CEO of a company, who had previously scheduled a transfer of $1 million, requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address with only one letter changed.
• A bank customer was emailed by someone claiming to be one of the customer’s clients in China. The client requested that all invoice payments be changed to a different bank because their regular bank accounts were inaccessible due to “Corona Virus audits.” The victim sent several wires to the new bank account for a significant loss before discovering the fraud.

A scammer group tracked by Agari researchers as Ancient Tortoise were the first ones spotted while using the COVID-19 outbreak as leverage in a BEC attack as BleepingComputer reported last month.

FBI's Internet Crime Complaint Center (IC3) 2019 Internet Crime Report published in February says that BEC was the cybercrime type with the highest reported total victim losses in 2019 as it reached roughly $1.8 billion in individual and business losses.

How to defend against BEC attacks
Although Google G Suite, Microsoft Office 365, and other popular cloud-based email services come with built-in security features that could help block BEC attempts, many of these features aren't enabled by default and have to be manually configured or toggled on by IT admins and security teams.

Because of this, "small and medium-size organizations, or those with limited IT resources, are most vulnerable to BEC scams," the FBI explains.

The FBI recommends IT admins to take the following measures that could block BEC attacks:

• Prohibit automatic forwarding of email to external addresses.
• Add an email banner to messages coming from outside your organization.
• Prohibit legacy email protocols such as POP, IMAP, and SMTP that can be used to circumvent multi-factor authentication.
• Ensure mailbox logon and settings changes are logged and retained for at least 90 days.
• Enable alerts for suspicious activity such as foreign logins.
• Enable security features that block malicious email such as anti-phishing and anti-spoofing policies.
• Configure Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) to prevent spoofing and to validate email.
• Disable legacy account authentication.
Users can follow these recommendations to defend against BEC scammers:

• Enable multi-factor authentication for all email accounts.
• Verify all payment changes and transactions in-person or via a known telephone number.
• Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.

IRS Warns of Surge in Economic Stimulus Payment Scams
4.4.2020  Bleepingcomputer  Spam

The Internal Revenue Service (IRS) today issued a warning to alert about a surge in coronavirus-related scams over email, phone calls, or social media requesting personal information while using economic impact payments as a lure.

This scam wave that can lead to identity theft and tax-related fraud is using the SARS-CoV-2 pandemic to trick vulnerable targets into giving away their sensitive info in exchange for help to speed up the COVID-19 economic impact payments.

"We urge people to take extra care during this period. The IRS isn't going to call you asking to verify or provide your financial information so you can get an economic impact payment or your refund faster," IRS Commissioner Chuck Rettig said.

"That also applies to surprise emails that appear to be coming from the IRS. Remember, don't open them or click on attachments or links. Go to IRS.gov for the most up-to-date information."

Cisco Talos said on March 30 that it "has already detected an increase in suspicious stimulus-based domains being registered" and staged for COVID-19 relief package themed attacks.

Economic impact payments coming in a few weeks
COVID-19 economic impact payments are going to be distributed within the net three weeks although scammers will promise to get them deposited in your bank account a lot faster as Jr. United States Attorney Robert M. Duncan explained in a Department of Justice press release.

Most of the eligible Americans will have the funds sent as a direct deposit into their bank accounts per the U.S. Department of the Treasury, while the unbanked, elderly, and other groups who don't use or have access to bank accounts will receive the approved $1,200 economic impact payments via paper check.

The scammers attempting to exploit the taxpayers' distress caused by the COVID-19 pandemic and their anxiousness to receive already approved payments to get them to 'verify' the information needed for the money to be deposited.

This stolen information will be used later by the crooks to file false tax returns as part of identity theft schemes.

"Because of this, everyone receiving money from the government from the COVID-19 economic impact payment is at risk," Duncan said.

Retirees are the most exposed to these scams and they are reminded by the US revenue service that the agency will not ask them for info related to the coronavirus economic impact payment by phone, email, mail or in person.

Spot the fraudsters
Scammers can use a wide range of tactics to trick their targets into sharing their personal or financial information, with some of them potentially attempting to:

Emphasize the words "Stimulus Check" or "Stimulus Payment." The official term is economic impact payment.
Ask the taxpayer to sign over their economic impact payment check to them.
Ask by phone, email, text or social media for verification of personal and/or banking information saying that the information is needed to receive or speed up their economic impact payment.
Suggest that they can get a tax refund or economic impact payment faster by working on the taxpayer's behalf. This scam could be conducted by social media or even in person.
Mail the taxpayer a bogus check, perhaps in an odd amount, then tell the taxpayer to call a number or verify information online in order to cash it.
Taxpayers should in no situation share their banking information with others when being asked to provide it for input on their behalf according to the IRS.

"Those taxpayers who have previously filed but not provided direct deposit information to the IRS will be able to provide their banking information online to a newly designed secure portal on IRS.gov in mid-April," the IRS said.

"If the IRS does not have a taxpayer's direct deposit information, a check will be mailed to the address on file."

Report the scammers
Detailed and official info on the COVID-19 economic impact payments is available on the IRS.gov Coronavirus Tax Relief page, with info on who is eligible and how will the IRS know where to send the payments accessible here.

Taxpayers who have been or will be targeted by fraudsters with Coronavirus-related or other types of phishing attempts via unsolicited emails, text messages, or social media are urged by the IRS to report them to phishing@irs.gov.

"The IRS Criminal Investigation Division is working hard to find these scammers and shut them down, but in the meantime, we ask people to remain vigilant," IRS Criminal Investigation Chief Don Fort concluded.

FTC Warns VoIP Providers to Stop Facilitating Coronavirus Scams
29.3.2020  Bleepingcomputer  Spam

The US Federal Trade Commission (FTC) warned nine VoIP service providers against assisting and facilitating illegal robocalls designed to capitalize on public anxiety surrounding the Coronavirus pandemic.

"Many of these robocalls prey upon consumer fear of the pandemic to perpetrate scams or disseminate disinformation," the letters say. "FTC staff have reason to believe that one or more of your customers may be involved in such illegal telemarketing campaigns."

Until March 30, the nine companies are required to email the FTC the specific actions taken to ensure that their services are not used in Coronavirus-related telemarketing schemes breaking the Telemarketing Sales Rule (TSR).

VoIP providers under scrutiny
FTC's legal staff sent letters to the following companies: Bluetone Communications LLC, Comet Media Inc, iFly Communications, J2 Web Services Inc, SipJoin Holding Corp, Third Rock Telecom, VoIPMax, VoIPTerminator Inc, and Voxbone US LLC.

The nine companies were also reminded of civil enforcement actions taken by the Department of Justice against VoIP providers and owners for "committing and conspiring to commit wire fraud by knowingly transmitting robocalls that impersonated federal government agencies."

The FTC also sued the Globex Telecom VoIP service providers and James B. Christiano's robocaller software companies as part of an effort to combat illegal telemarketing.

FTC's warning letters highlight several types of behavior that may infringe the TSR, including:

making a false or misleading statement to induce a consumer to buy something or contribute to a charity;
misrepresenting a seller or telemarketer’s affiliation with any government agency;
transmitting false or deceptive caller ID numbers;
initiating pre-recorded telemarketing robocalls, unless the seller has express written permission to call; and
initiating telemarketing calls to consumers whose phone numbers are on the National Do Not Call Registry, with certain exceptions.
"It’s never good business for VoIP providers and others to help telemarketers make illegal robocalls that scam people," FTC Bureau of Consumer Protection Director Andrew Smith said.

"But it’s especially bad when your company is helping telemarketers exploiting fears about the coronavirus to spread disinformation and perpetrate scams."

If you get COVID-19-related scam robocalls the FTC says that you should:

Hang up. Don’t press any numbers. The recording might say that pressing a number will let you speak to a live operator or remove you from their call list, but it might lead to more robocalls, instead.
Consider using a call blocking app or device. You also can ask your phone provider if it has call-blocking tools. To learn more, go to ftc.gov/calls.
Report the call. Report robocalls at ftc.gov/complaint. The more we hear from you, the more we can help fight scams.
Warnings sent for selling fake Coronavirus cures
The FTC and U.S. Food and Drug Administration (FDA) also sent warning letters to companies that were offering various products for sale — such as teas, essential oils, and colloidal silver — in the United States, products that were promoted as capable of mitigating, preventing, treating, curing, or diagnosing the COVID-19 disease in people.

The two government agencies sent the letters to the following companies: Vital Silver, Quinessence Aromatherapy Ltd, N-ergetics, GuruNanda LLC, Vivify Holistic Clinic, Herbal Amy LLC, and The Jim Bakker Show.

"Within 48 hours, please send an email to COVID-19-Task-Force-CFSAN@fda.hhs.gov describing the specific steps you have taken to correct these violations," the letters say. "Failure to immediately correct the violations cited in this letter may result in legal action, including, without limitation, seizure and injunction."

"These warning letters are just the first step," FTC Chairman Joe Simons said. "We’re prepared to take enforcement actions against companies that continue to market this type of scam."

"The FDA considers the sale and promotion of fraudulent COVID-19 products to be a threat to the public health," FDA Commissioner Stephen M. Hahn added. "We have an aggressive surveillance program that routinely monitors online sources for health fraud products, especially during a significant public health issue such as this one."

Both the FTC and the FDA are continuing to monitor online marketplaces, social media, and consumer complaints to make ensure that other companies do not market fraudulent products under other names or via other websites.

Europol also announced last week that a huge amount of counterfeit medicine and COVID-19 outbreak-related protective gear was seized in a global operation dubbed Operation Pangea coordinated by INTERPOL and targeting trafficking.

"Authorities around the world seized nearly 34 000 counterfeit surgical masks, making them the most commonly sold medical product online," according to the Europol. "Law enforcement officers identified more than 2 000 links to products related to COVID-19."

Extortion Emails Threaten to Infect Your Family With Coronavirus
22.3.2020  Bleepingcomputer  Spam

Sextortion scammers are now also attempting to capitalize on the COVID-19 pandemic by threatening their victims to infect their family with the SARS-CoV-2 virus besides revealing all their "dirty secrets".

If you have received such an email, it is important to know that this is just a scam and that no hacker has stolen your passwords or can infect you or your family with an actual real-life virus.

Just paying attention to their threats should be reason enough to discard their attempts at extortion and delete such emails immediately.

Sextortion emails were first seen in July 2018 when crooks started emailing potential victims and claiming that they have them recorded on video while they were browsing adult sites.

To increase their scam's credibility, the scammers also include the victims' passwords in some cases, leaked together with their email addresses as part of a previous data breach.

Coronavirus infection threats over email
The sextortion emails' subjects are in the "[YOUR NAME] : [YOUR PASSWORD]" form, presenting one of your passwords from the get-go as a proven tactic to catch the targets' attention and make them open the messages.

Next, the scammers attempt to send their victims into full panic mode by warning them that they know where they live, as well as "every dirty little secret" in their lives that will be exposed if $4,000 worth of bitcoins will not be paid within 24 hours.

These threats are also supplemented with the promise of infecting the target's entire family with the coronavirus as researchers at Sophos found.

Unfortunately for them, this is the part that absolutely ruins all their previous work at intimidating the victim given the laughable attempt to use a real-life coronavirus infection scare to incentivize their victims to pay a ransom over email.

"You hαve 24 hours τo maκe the ραyment. Ι hαve a unique pιxel withιn τhis email messαge, and rιght now, I κηοw thατ yοu hαve reαd thιs email," the crooks add.

Sextortion email (ExecuteMalware)
Below you can find the full content of such an 'innovative' sextortion email as published by Sophos:

Subject: [YOUR NAME] : [YOUR PASSWORD]

I know every dιrτy liττle secreτ abοuτ your lιfe. To ρrove my poιnτ, tell me, does [REDACTED] ring αny bell το yοu? It was οηe οf yοur pαsswοrds.

Whαt dο Ι κnow αbοuτ you?

Tο sταrt with, I κηοw all of yοur passwords. I αm awαre of your whereαbοuτs, what yοu eaτ, wιth whοm you tαlk, every liττle τhing yοu do in α day.

What αm Ι cαpable οf dοιηg?

Ιf I wαηt, I cοuld eνen infect yοur whοle fαmily with τhe CοronαVirus, reνeαl all of yοur secrets. There αre cοunτless τhiηgs I cαn dο.

Whατ should yοu do?

Yοu need tο ραy me $4000. You'll mαke τhe ρayment viα Βiτcoiη τo the belοw-mentιοηed αddress. Ιf you dοn't knοw how tο do τhis, seαrch 'how tο buy bιτcoin' in Goοgle.
Βitcoin Address:
[REDACTED]
(Ιt is cAsE sensiτiνe, sο cοpy αηd ραste it)

You hαve 24 hours τo maκe the ραyment. Ι hαve a unique pιxel withιn τhis email messαge, and rιght now, I κηοw thατ yοu hαve reαd thιs email.

If I dο ηoτ geτ the paymenτ:

Ι wιll iηfect eνery member οf your family with τhe CοronαVιrus. No matter how smart yοu αre, belieνe me, ιf Ι waητ to αffect, Ι caη. Ι will also gο αheαd aηd reνeαl yοur secreτs. Ι will comρletely ruiη yοur lιfe.

Nonetheless, ιf I do geτ ραιd, Ι wιll erαse every lιτtle informατιοη I have αbοut yοu immediατely. You will never hear from me αgαιn. It ιs a nοn-ηegotιαble οffer, sο dοn't wαsτe my τιme αnd yours by reρlyiηg to thιs emαil.

Nikita
The scammers also attempt to bypass text matching email protection features by using Greek characters instead of Latin ones as seen above.

What's important to remember if you are on the receiving end of an anxiety-inducing campaign is that, despite all their threats, the scammers never gained access to any of your accounts and you have absolutely nothing to worry about.

Additionally, there is no chance in hell that they will ever be able to get close to you or your family; and the chances of their coronavirus infection threats becoming are even slimmer.

Instead of being alarmed by such gratuitous threats, you should go ahead and mark such emails as spam as soon as you receive them to help out your email service to detect them before they land in your inbox and automatically block them in the future