Category: Cyber-Crimes

Not every COVID-19 testing site is legit


You probably know that COVID-19 tests are in short supply. But did you know there’s no shortage of scammers setting up fake COVID-19 testing sites to cash in on the crisis? 

The fake sites can look real, with legitimate-looking signs, tents, hazmat suits, and realistic-looking tests. And the damage these fake testing sites can cause is very real.

They aren’t following sanitation protocols, so they can spread the virus.

They’re taking people’s personal information, including Social Security numbers, credit card information, and other health information – all of which can be used for identity theft and to run up your credit card bill. Worst of all, they’re not giving people the help they need to stay healthy. In other words, these testing sites are bad news.

Here are a few things to keep in mind when looking into testing sites.

  • If you think you should get tested, ask your doctor. Some people with COVID-19 have mild illness and are able to recover at home without medical care. They may not need to be tested, according to the CDC. Not sure if you need to get tested? Try the CDC’s self-checker.
  • Get a referral. Testing sites are showing up in parking lots and other places you wouldn’t expect to get a lab test. Some of these are legit – and some are not. The best way to know is to go somewhere you have been referred to by your doctor or state or local health department’s website. In other words, don’t trust a random testing site you see on the side of the road.
  • Not sure if a site is legit? Check with your local police or sheriff’s office. If a legitimate testing site has been set up, they should know about it. And, if an fake testing site is operating, they’ll want to know.

Spotted a fake COVID-19 testing site? We want to hear about it. Report it at ftc.gov/complaint.

FTC.gov (May 2020) Not every COVID-19 testing site is legit

Florida Man Pleads Guilty to Racially-Motivated Interference With Election in Charlottesville, Virginia and Cyberstalking in Florida


Daniel McMahon, 31, pleaded guilty on Thursday in federal court in the Western District of Virginia to one count of threatening an African-American Charlottesville City Council candidate identified by the initials D.G. because of his race and because he was running for office, and to one count of cyberstalking a separate victim through Facebook messenger. 

“Racially motivated threats of violence have no place in our society and will not be tolerated by the Department of Justice,” said Assistant Attorney General Eric Dreiband for the Civil Rights Division. “The defendant in this case violated the civil rights of his victims through intimidation and we are grateful for all the work and collaboration our partners have done on this case.”

“Although the First Amendment protects, without qualification, an individual’s right to hold and express abhorrent political views, it does not license threats of violence,” said U.S. Attorney Thomas T. Cullen for the Western District of Virginia. “The Department of Justice is committed to investigating and prosecuting those who weaponize social media to harm others.” 

“Peaceable protest is a core American value protected by law,” said U.S. Attorney Maria Chapa Lopez for the Middle District of Florida. “This defendant violated the law by threatening violence against an African-American individual who planned to announce his candidacy for City Council and an autistic child merely because the child’s mother opposes his extreme racially motivated views. This collaborative prosecution demonstrates that the Department of Justice as a whole will not tolerate these types of threats and intimidation.”

“This investigation underscores the FBI Joint Terrorism Task Forces and the U.S. Attorney’s Offices continued commitment to aggressively investigate and prosecute individuals engaging in racially-motivated threats and violent extremist activities. It also exemplifies the seamless information sharing between FBI Divisions in eliminating potential threats to our communities,” said Special Agent in Charge of the FBI Tampa Division Michael F. McPherson.

“Protecting the civil rights of all Americans is a high priority for the FBI and is a mission to which we are fully committed. In this case, the defendant used racially-motivated threats of violence to disrupt an election,” said David W. Archey, Special Agent in Charge of the FBI’s Richmond Division. “In addition, he used a social media account to stalk and terrorize another victim and a minor child. We will continue to prioritize and aggressively investigate violations of these kinds. We are grateful for the partnership and efforts of FBI Tampa Division, the U.S. Attorney Offices in Virginia and Florida, and the Department of Justice, and for their assistance on this case.”

At the plea hearing, the defendant admitted that he uses the online pseudonyms “Jack Corbin,” “Pale Horse,” “Restore Silent Sam,” and “Dakota Stone,” to promote white supremacy and white nationalist ideology, and to express support for racially-motivated violence.

The defendant admitted that in January 2019, upon learning that D.G., an African-American resident of Charlottesville, Virginia, planned to announce his candidacy for City Council, the defendant used his Jack Corbin account on the social media platform Gab to threaten violence against D.G. because of D.G.’s race and because D.G. was running for office. The defendant admitted that his posts used racial slurs and invoked long-standing racial stereotypes, and that he intended for D.G. to understand his posts as threats to his safety. 

In addition to this, the defendant also admitted to cyberstalking Victim 2 using his “Restore Silent Sam” Facebook account. In connection with this charge, the defendant admitted that he used Facebook to send Victim 2 numerous intimidating and threatening messages that placed Victim 2 in reasonable fear of harm to Victim 2’s minor child.

The defendant acknowledged that Victim 2 has been active in countering white nationalist rallies in her community. The defendant admitted that, because of Victim 2’s activism, he began an online campaign to intimidate her and to extort information from her about her fellow activists. This included sending Victim 2 numerous messages over the course of twelve days in which he threatened to sexually assault Victim 2’s minor daughter, who has autism.

The defendant admitted that, at around the same time that he sent these messages, he also used the internet to conduct searches relating to sexual contact with girls who have autism. The defendant admitted that his messages reasonably caused Victim 2 serious emotional distress and fear for Victim 2’s child’s safety.

McMahon will be sentenced on July 23, 2020. He faces a maximum sentence of one year in prison for threatening D.G. and five years in prison for cyberstalking Victim 2.

This case is being investigated by the FBI and is being prosecuted by U.S. Attorney Thomas T. Cullen of the Western District of Virginia; Assistant U.S. Attorney Christopher Kavanaugh of the Western District of Virginia; Assistant U.S. Attorney Daniel George of the Middle District of Florida; and Trial Attorney Risa Berkower of the U.S. Department of Justice’s Civil Rights Division.

Justice.gov (April 2020) Florida Man Pleads Guilty to Racially-Motivated Interference With Election in Charlottesville, Virginia and Cyberstalking in Florida

COVID-19 fraud domain seized from seller who attempted to sell it using bitcoin


U.S. Immigration Customs and Enforcement’s (ICE) Homeland Security Investigations (HSI) and United States Attorney’s Office for the District of Columbia obtained a warrant Friday authorizing seizure of coronaprevention.org following an HSI Philadelphia investigation in support of Operation Stolen Promise.

HSI recently launched Operation Stolen Promise to protect the homeland and global supply-chain from the increasing and evolving threat posed by COVID-19-related fraud and criminal activity by combining HSI’s expertise in global trade investigations, financial fraud, and cyber investigations with robust private and public partnerships.

“Sadly, criminals are using the current pandemic as an opportunity to generate proceeds while so many Americans are suffering,” said William S. Walker, acting HSI Philadelphia special agent in charge. “Homeland Security Investigations and our partners will continue to aggressively pursue those who attempt to illegally capitalize on this crisis through illicit money-making schemes.”

The seizure warrant alleges that the owner of the domain name, coronaprevention.org, posted it for sale on a hackers forum.

The post appeared the day after the president declared a national emergency due to the COVID-19 pandemic. The seller stated on the forum that this domain would be an effective way to sell “high markup in demand products.”

The seller exponentially marked up the price of the domain. The seller asked for the payment to be made via bitcoin.

The warrant further alleges that the seller engaged in conversations with an undercover agent from HSI about the sale of the domain. The seller stated that it was “genius” to sell “fake testing kits” using this domain.

The seller further stated that the seller “wanted to do that but I couldn’t get enough cash to bulk buy them from Alibaba [a Chinese e-commerce site].” The seller recommended directed the undercover agent on how to set up a new website on the domain using a foreign-based service, so as to prevent U.S. authorities from being able to shut it down in the future.

“We will not tolerate exploitation of this national emergency for personal gain,” said U.S. Attorney Tim Shea. “This office will not allow fraudsters to use anonymous online spaces and cryptocurrency to hide their harmful activities and prey on victims.”

The charges in the warrant are merely allegations, and civil forfeiture proceedings will commence in which any interested party may make a claim to ownership of the seized property.

The enforcement action against the owner of a fraudulent website follows Attorney General William Barr’s recent direction for the department to prioritize the detection, investigation, and prosecution of illegal conduct related to the pandemic.

The case is being handled by Assistant U.S. Attorney Zia M. Faruqui, Paralegal Specialist Brian Rickers, and Legal Assistant Jessica McCormick of the U.S. Attorney’s Office for the District of Columbia.

As part of Operation Stolen Promise, HSI is partnering with U.S. Customs and Border Protection (CBP), the Food and Drug Administration, the U.S. Postal Inspection Service, the U.S. Secret Service, the Internal Revenue Service, the Federal Bureau of Investigation, and the Five Eyes Law Enforcement Working Group. Additionally, efforts span multiple HSI components including the National Intellectual Property Rights Coordination Center, HSI International Operations, the Illicit Finance and Proceeds of Crime Unit, and the Cyber Crimes Center.

As of April 23, 2020, HSI special agents have opened over 232 cases initiated, 376 total seizures, 329 leads sent, 70 disruptions, seized over three million dollars in illicit proceeds; made six arrests; executed 12 search warrants; sinkholed over 11,000 COVID-19 domain names and worked alongside CBP to seize over 225 shipments of mislabeled, fraudulent, unauthorized or prohibited COVID-19 test kits, treatment kits, homeopathic remedies, purported anti-viral products and personal protective equipment.

The launch of the operation is in direct response to a significant increase in criminal activity.

To report suspected illicit criminal activity or fraudulent schemes related to the COVID-19 pandemic, email Covid19Fraud@dhs.gov.

ICE.gov (April 2020)COVID-19 fraud domain seized from seller who attempted to sell it using bitcoin

Microsoft Releases Security Updates for Multiple Products


Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library.

These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200004 and apply the necessary updates.

Availability of updates for Microsoft software utilizing the Autodesk FBX library

Microsoft is announcing the release of updates to address multiple vulnerabilities found in the Autodesk FBX library which is integrated into certain Microsoft applications.

Details about the vulnerabilities can be found here – https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002

Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

To exploit the vulnerabilities, an attacker must send a specially crafted file containing 3D content to a user and convince them to open it.

The security updates address these vulnerabilities by correcting the way 3D content is handled by Microsoft software.

US-cert.gov (April 2020)Microsoft Releases Security Updates for Multiple Products

US Issues an Advisory on North Korean Cyber Threats

On Wednesday, April 15, the U.S. Departments of State, Homeland Security, and Treasury, and the Federal Bureau of Investigation issued an advisory to raise the awareness of the cyber threat posed by North Korea.


On Wednesday, April 15, the U.S. Departments of State, Homeland Security, and Treasury, and the Federal Bureau of Investigation issued an advisory to raise the awareness of the cyber threat posed by North Korea. 

The advisory highlights North Korea’s malicious cyber activities around the world, identifies U.S. government resources that provide technical and threat information, and includes recommended measures to counter the cyber threat.

North Korea’s malicious cyber activities threaten the United States and countries around the world and, in particular, pose a significant threat to the integrity and stability of the international financial system.  The United States works closely with like-minded countries to focus attention on and condemn disruptive, destructive, or otherwise destabilizing behavior in cyberspace.  

It is vital for foreign governments, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea.

The DPRK’s malicious cyber activities threaten the United States and the broader international community and, in particular, pose a significant threat to the integrity and stability of the international financial system. Under the pressure of robust U.S. and UN sanctions, the DPRK has increasingly relied on illicit activities – including cybercrime – to generate revenue for its weapons of mass destruction and ballistic missile programs.

In particular, the United States is deeply concerned about North Korea’s malicious cyber activities, which the U.S. government refers to as HIDDEN COBRA. The DPRK has the capability to conduct disruptive or destructive cyber activities affecting U.S. critical infrastructure. The DPRK also uses cyber capabilities to steal from financial institutions, and has demonstrated a pattern of disruptive and harmful cyber activity that is wholly inconsistent with the growing international consensus on what constitutes responsible State behavior in cyberspace. 

The United States works closely with like-minded countries to focus attention on and condemn the DPRK’s disruptive, destructive, or otherwise destabilizing behavior in cyberspace. For example, in December 2017, Australia, Canada, New Zealand, the United States, and the United Kingdom publicly attributed the WannaCry 2.0 ransomware attack to the DPRK and denounced the DPRK’s harmful and irresponsible cyber activity. Denmark and Japan issued supporting statements for the joint denunciation of the destructive WannaCry 2.0 ransomware attack, which affected hundreds of thousands of computers around the world in May 2017. 

It is vital for the international community, network defenders, and the public to stay vigilant and to work together to mitigate the cyber threat posed by North Korea. 

The North Korean Cyber Threat Advisory can be viewed at: https://www.us-cert.gov/ncas/alerts/aa20-106a.

State.gov (April 2020) The United States Issues an Advisory on North Korean Cyber Threats