COVID-19 in Italy: Fraud Lessons Learned

Mara Gibor, Director of Intelligence, Q6 Cyber

Around the world, public health officials are analyzing the coronavirus (COVID-19) transmission in countries with earlier outbreaks in an effort to model scenarios, refine preparations, and identify mismanagement and best practices in dealing with the current situation. With Italy being a hotspot, we at Q6 Cyber set out to analyze recent cybercriminal and fraud activity there to learn what we can anticipate in other parts of the world where the pandemic is on the rise.

Observing the Dark Web

Not surprisingly, we saw a spike in cyberattacks and fraud campaigns targeting Italian corporations and consumers. Bad actors, especially sophisticated ones, view the current epidemic as a golden opportunity and are deploying more resources toward criminal operations in Italy. Leveraging our unique access to invitation-only Dark Web and Cybercriminal Underground sources, we observed cybercriminals and fraudsters discussing the opportunities and vulnerabilities created by a seismic shift in daily life in Italy:

  • Fewer Defenders: As security and anti-fraud professionals work remotely, often with reduced access and productivity, or are unable to work while caring for ill relatives or are sick themselves, attackers perceive a unique window of opportunity to strike when ‘nobody is watching’.
  • Remote Work: With employees working from home and accessing sensitive systems and data, some even using personal computers, attackers do not have to contend with robust security infrastructures that protect corporate networks, making the ‘targets’ easier to compromise.
  • Digital Transactions: The lockdown is forcing people to conduct financial transactions digitally through online banking and payments, even those who may otherwise be less disposed (e.g., the elderly). Fraudsters are ferociously seizing on the increase in potential victims, especially those who are less savvy and less security-conscious.
  • Relaxed Controls: Experienced fraudsters expect financial and other organizations to relax anti-fraud controls to support their customers in this period of emergency, presenting the opportunity to execute fraud schemes tailored to take advantage of such letup.
  • Witting Partners: As more and more people lose their jobs and feel the financial squeeze, bad actors can more easily recruit witting partners to commit a range of cyber and financial crimes.

A post on an underground forum regarding opportunities to exploit the coronavirus epidemic for fraud

Implications for the Rest of Us

With more countries implementing shutdowns and other restrictive measures, we expect cybercriminals and fraudsters to double down their attacks and take advantage of the same dynamics playing out in Italy. Undoubtedly, organizations must first address the well-being of their employees, customers, and other stakeholders, and ensure continuity of business operations. At the same time, to avoid mounting fraud losses and damaging cyberattacks during this vulnerable period, organizations must empower anti-fraud and security teams with the necessary resources and tools. For example, implementing robust processes and controls for remote employee access, or e-crime intelligence to proactively identify financial mules, are important initiatives that organizations should immediately consider taking.

Outpace First-Party Fraud and Mule Activity

February 28th, 2024
Rob Rendell, Global Head of Fraud Market Strategy & Fraud Prevention - Subject Matter Expert

Fraud Predictions 2024

December 12th, 2023
Jake Emry, Fraud Prevention Subject Matter Expert & Rob Rendell, Global Head of Fraud Market Strategy & Fraud Prevention - Subject Matter Expert

Lessons Learned from How a Scam Closed Down a Bank – A Discussion with Peter Tapling of PTap Advisory, LLC & NICE Actimize

November 3rd, 2023
Jake Emry, Fraud Prevention Subject Matter Expert & Peter Tapling, Serial Entrepreneur, Advisor, and Investor, PTap Advisory, LLC & NICE Actimize
Speak to an Expert