COVID-19 in Italy: Fraud Lessons Learned

Mara Gibor, Director of Intelligence, Q6 Cyber

Around the world, public health officials are analyzing the coronavirus (COVID-19) transmission in countries with earlier outbreaks in an effort to model scenarios, refine preparations, and identify mismanagement and best practices in dealing with the current situation. With Italy being a hotspot, we at Q6 Cyber set out to analyze recent cybercriminal and fraud activity there to learn what we can anticipate in other parts of the world where the pandemic is on the rise.

Observing the Dark Web

Not surprisingly, we saw a spike in cyberattacks and fraud campaigns targeting Italian corporations and consumers. Bad actors, especially sophisticated ones, view the current epidemic as a golden opportunity and are deploying more resources toward criminal operations in Italy. Leveraging our unique access to invitation-only Dark Web and Cybercriminal Underground sources, we observed cybercriminals and fraudsters discussing the opportunities and vulnerabilities created by a seismic shift in daily life in Italy:

  • Fewer Defenders: As security and anti-fraud professionals work remotely, often with reduced access and productivity, or are unable to work while caring for ill relatives or are sick themselves, attackers perceive a unique window of opportunity to strike when ‘nobody is watching’.
  • Remote Work: With employees working from home and accessing sensitive systems and data, some even using personal computers, attackers do not have to contend with robust security infrastructures that protect corporate networks, making the ‘targets’ easier to compromise.
  • Digital Transactions: The lockdown is forcing people to conduct financial transactions digitally through online banking and payments, even those who may otherwise be less disposed (e.g., the elderly). Fraudsters are ferociously seizing on the increase in potential victims, especially those who are less savvy and less security-conscious.
  • Relaxed Controls: Experienced fraudsters expect financial and other organizations to relax anti-fraud controls to support their customers in this period of emergency, presenting the opportunity to execute fraud schemes tailored to take advantage of such letup.
  • Witting Partners: As more and more people lose their jobs and feel the financial squeeze, bad actors can more easily recruit witting partners to commit a range of cyber and financial crimes.

A post on an underground forum regarding opportunities to exploit the coronavirus epidemic for fraud

Implications for the Rest of Us

With more countries implementing shutdowns and other restrictive measures, we expect cybercriminals and fraudsters to double down their attacks and take advantage of the same dynamics playing out in Italy. Undoubtedly, organizations must first address the well-being of their employees, customers, and other stakeholders, and ensure continuity of business operations. At the same time, to avoid mounting fraud losses and damaging cyberattacks during this vulnerable period, organizations must empower anti-fraud and security teams with the necessary resources and tools. For example, implementing robust processes and controls for remote employee access, or e-crime intelligence to proactively identify financial mules, are important initiatives that organizations should immediately consider taking.

Starter’s Guide to Mitigate Fraud Using Policy Manager

September 13th, 2023
Rob Wilson, Senior Business Analyst, NICE Actimize

Thwarting Money Mules in an Instant Payments Environment

September 1st, 2023
Rob Rendell, Global Head of Fraud Market Strategy & Fraud Prevention - Subject Matter Expert

PSR’s New Rules for Reimbursement will impact more PSPs

August 22nd, 2023
Ian Church, Principal Business Consultant, Enterprise Consultancy and Advisory Practice

Fraud Prevention Blog Series with Expert Sean O’Malley, IDC

August 21st, 2023
Sean O’Malley, Research Director, Compliance, Fraud and Risk Management, IDC
Speak to an Expert