How PPE cyber scammers get their gloves on your money
Online fraudsters adapt to crises because people tend to be less vigilant
The Covid-19 pandemic and the surge in demand for PPE and hospital equipment has provided fertile ground for online scam syndicates.
In a time when desperation outweighs common sense, online fraud syndicates spawned a latticework of fake PPE websites to fleece their unwitting victims.
The scale and reach of the syndicates are now under investigation by internet-hosting firms and the police.
This after cyber-investigation outfit TCG Digital Forensics issued takedown notices for 122 fake PPE websites two weeks ago, the product of an investigation it stumbled upon by accident.
“It was something we came across by accident. I was actually looking for an example of a PPE scam that I could use for a lecture I was giving,” TCG head Craig Pederson told Times Select.
“I started to pick up a number of sites that shared similar characteristics. By the end of it we had unearthed a volume of sites that we believe were platforms for scammers. But it was more work than one person could do,” he added.
Enlisting the help of volunteers, Pederson set about peeling back layer upon layer of internet anonymity and uncovered four syndicates that may have walked about with as much as R20m.
“One of the people I was talking to had been retrenched and he hasn’t worked since lockdown. He took his retrenchment package and money out of his bond to place a R500,000 order for PPE [from a scam website], thinking he would be paid in a week and would make a decent profit. He is now left with nothing and a bond payment he can’t make.”
This is how the scam works: “It starts with the set-up of a website, usually by cloning a legitimate medical website so it looks realistic,” Pederson said.
Then the scammers send out a mass spam e-mail from what appears to be a government agency calling for proposal requests to supply PPE. In their proposal they will attach a specific code to gloves or masks, or anything else that they “need”.
An example would be for M450 nitrile gloves. These codes are not real.
But when the victim inputs the code into Google, they are linked straight back to the scam site because they advertise the non-existent equipment with that specific and fake code.
“When the victim engages with the scammers from the website, they are given a price and told that a deposit will secure the stock. They are told by the fake government official that their proposal has been successful and they will be paid within seven days. The victim thinks they are in the money,” Pederson said.
The fake website supplying the PPE will, according to Pederson, then string the victim along, saying that stock will take several days to be delivered.
“This is to increase the lifecycle on a particular scam site. They have many victims on the hook at the same time,” he said.
As soon as the victim pays the deposit, the scammers go to ground and the buyer is left penniless and empty-handed.
They are essentially caught as a middleman between the scammers on both ends of the value chain.
“Desperate businessmen who have been roiled by this pandemic are keen to reinvent themselves and become the next Covid millionaire, and people don’t look for the warning signs,” he said.
The scammers were quick to adapt to what particular crisis was on the go and preyed on those in desperate situations.
“In between all the medical ones we found a collection of others for industrial construction equipment and even livestock. One site was selling chickens,” Pederson said.
“They evolve with each trend. Load-shedding means solarpower scam sites spring up. Water-shedding sees sites for water-flow meter restrictors and tanks. They move quickly,” he said.
“Fraudsters evolve in a crisis because those are times of easy pickings. People are not as diligent as they should be and there is more demand than supply,” he added.
Anonymous website-hosting was an arrow in the quiver of a scamster.
“You can register a domain with a Gmail address and you can be fairly anonymous in doing that. Hosts don’t do much in terms of knowing their customers.
“They take it on a good-faith basis that they are who they say they are. They allow payment by EFT. You can also walk into a bank and pay cash, and that is further anonymity,” Pederson said.
The pandemic and lockdown have seen an uptick in reports of cybercrime, according to a report by Mimecast.
They found that cybercrime attacks increased by 33% from January to March, with more people forced to work from home.
A key piece of legislation in addressing the latent scourge is the Cybercrimes Bill, a law still to be enacted and bogged down by years of bureaucracy.
“We hope the new cybercrime bill will give us teeth to investigate and it also mandates that the police create more capacity to investigate cybercrime at a station.”
Amanda Manyame, tech law adviser at policy firm Endcode, said the new act would force police to investigate cases of cybercrime.
“Now, as a victim, you can make a report to the police and they may help you, and they might not. But in terms of the new law they will be enjoined to investigate these cases,” she said.
The police had not responded to a request for comment at the time of publishing.