Special Feature
Part of a ZDNet Special Feature: Coronavirus: Business and technology in a pandemic

Scammers are now taking advantage of US small business relief fund in phishing emails

New campaigns are capitalizing not just on coronavirus fears but also on the outbreak’s financial ramifications.

Coronavirus-tracking apps: Minding the devil and the details
0:57

A new study examining phishing email trends has found a surge in cases taking advantage of financial worries related to COVID-19

On Thursday, IBM X-Force researchers released the results of a study into coronavirus-related spam since the World Health Organization (WHO) declared the spread of the novel coronavirus a pandemic on March 11. 

According to the team, there has been an increase in COVID-19-related spam of over 6,000%, ranging from the impersonation of WHO officials to the US Small Business Administration (SBA) and banks offering financial relief funds. 

Furthermore, the "2020 Consumer & Small Business COVID-19 Awareness Study" (.PDF) suggests that SMBs are the top targets of recent COVID-19 scams. 

See also: France asks Apple to relax iPhone security for coronavirus tracking app development

Sample emails collected by the team reveal that small business owners are being targeted by fake SBA officials, promising recipients government funds to keep them afloat during the crisis. Close to 40% of business owners surveyed by IBM believe they have received at least one such email, which often contain malicious attachments designed to deploy malware on their devices. 

"The uncertainty surrounding the availability of funds and how they are being allocated increases confusion among small business owners and creates new opportunities for attackers," the researchers say. 

It is not just the SBA that is being impersonated. Fraudulent American Express emails offering thousands of dollars in relief funds and Wells Fargo messages claiming to need account verification to transfer a relief payment have also been detected. 

The research suggests that a general lack of awareness and the general public's confusion when it comes to official communication channels is making the matter worse. 

CNET: Passwords for WHO, CDC, Gates Foundation employees reportedly spread online

In total, 35% of survey respondents said they expected to hear from the IRS over email -- despite the agency saying for years that it would never email individuals about tax filing -- and only 14% of small business owners feel that they understand the process to secure business loan relief. 

In addition, 64% of US adults recently made unemployed are considered the most likely group to engage in emails claiming to be related to financial relief. Over half of respondents said they would click on a link or open attachments in these messages. 

TechRepublic: Coronavirus: What business pros need to know

It is not just run-of-the-mill scammers that are weaponizing the respiratory disease. State-sponsored and therefore well-resourced hacking groups, too, across China, North Korea, and Russia are using COVID-19 lures to infect their victims with malware.

Over in South Korea, the coronavirus outbreak has also resulted in an increase in scam text messages and phone calls related to the virus. In many cases, fraudsters are pretending to be delivery companies with package delays, and ask their victims for sensitive information to process orders. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0