Authors: Sara Whitwell, M3AAWG Partner Contributor; Aaron Foss, M3AAWG Contributor
At M3AAWG’s 49th General Meeting, the COVID-19 pandemic was a central focus of the session “Is COVID-19 the Cure for Fraud?” The joint session, facilitated by M3AAWG and the Communications Fraud Control Association (CFCA), brought together professionals from across messaging to discuss the pandemic’s impact on the online fraud landscape.
Cybercriminals will never let a crisis go to waste. Instead, they capitalize on collective anxiety to build tailored attacks to lure in victims – and given the scale of the pandemic, anti-fraud professionals expected a surge in COVID-19 specific attacks and for robocalls to be the primary vector. COVID-19 related fraud must be directly related to the pandemic, like offering victims personal protective equipment (PPE) or fake COVID-19 test results.
However, the volume of robocall fraud dropped significantly as the pandemic shut down the call centers and halted bot-messaging activity. Ultimately, attackers reverted to their usual lures: life insurance, real estate and credit cards, while using COVID-19 to make their attacks timely. Despite industry expectations that robocalls would serve as a primary channel for fraud, text, email, and webpages arose as the main vectors, highlighting the flexibility of cybercriminals in targeting end-users across platforms.
As cybersecurity professionals, we’re on the front lines of the pandemic. While school, work, and medical appointments are disrupted for millions across the U.S., messaging serves a vital role in providing timely health and safety information and keeping people connected. In our effort to ensure that messaging between senders and receivers remains open, secure, and trusted, several takeaways were clear from the session:
- Cybercriminals are extremely adept and cunning in targeting end-users. This agility makes timely knowledge sharing integral in combating online fraud.
- Service providers must develop a framework to differentiate beyond “good” and “bad” messaging. Objective definitions of “legal” and “illegal”, as well as “wanted” and “unwanted,” must shape the implementation of messaging standards.
- Ensuring legal robo-messages, whether wanted or unwanted, are delivered is as important as blocking illegal messages amidst the pandemic. Setting up early warning systems must be a priority for all service providers through, and beyond, the pandemic.
While cybercriminals have intensified their attacks amidst the pandemic, the anti-abuse community has stepped up to combat emerging threats through knowledge sharing. As COVID-19 continues to spread, industry collaboration will play a vital role in understanding today’s most pressing issues and developing standards to better protect and serve end-users amidst and after the pandemic.