Coronavirus Sparks Rise in Fraud

Where there's a will, there's a way, and fraudsters are taking that proverb to heart amidst the COVID-19 outbreak. According to cybersecurity firm Proofpoint Inc., phishing attacks have increased dramatically since January as criminals send emails posing as legitimate businesses.

Earlier this month, The Wall Street Journal (WSJ) reported Proofpoint's findings that showed fraudsters are discussing the coronavirus in their emails to businesses in an effort to gain their interest. If a business opens the email, it enables fraudsters to release malware. Sherrod DeGrippo, Proofpoint's senior director of threat research and detection, told WSJ many coronavirus emails are sent every work day, more frequent than those with natural disasters or large public events.

"We don't typically see events like that," DeGrippo said in the article. "Natural disasters are very localized; events like the Olympics come and go and I think something like the Olympics doesn't get the clicks that a health scare would."

The founder of Houston law firm R. McConnell Group PLLC, Ryan McConnell, told WSJ these emails often use a company's logo, offering news and updates on the outbreak to get clicks. In other instances, the fraudulent party may send businesses a fake purchase order for medical supplies and request a wire payment in return.

Criminals are even impersonating organizations as prominent as the Center for Disease Control and World Health Organization to appear reputable, DeGrippo noted.

"The Center for Disease Control and World Health Organization fakes, candidly, haven't been very sophisticated," added Bart McDonough, chief executive of cybersecurity firm Agio LLC, in the WSJ article. "I think they will improve their level of sophistication as this starts to hit wealthier nations."

Steve LaFalce, national credit manager at EIS, Inc., in Atlanta, Georgia, said he experienced phishing in his credit department when he received an email from the company's former CEO asking LaFalce to "complete a task for me discreetly."  LaFalce said he knew the former CEO would not reach out to him that way. The most important thing to do is remain cautious and ask questions, he said.

"If something doesn't seem right, dig a little, and reach out to your credit manager if you need help," LaFalce said. "Not all transactions that have these red flags are fraud."

—Andrew Michaels, editorial associate