For many cybercriminals, the global coronavirus pandemic has been a golden opportunity for fraud.

And we haven’t even seen the worst of it yet.

Scammers love crises. From the criminal’s perspective, few things are better for cultivating new victims than a natural disaster or a social crisis.

Why? Because scams work best when people aren’t thinking clearly. When people are highly emotional, scared or anxious, as they usually are during a crisis, they tend to make impulsive decisions. This is exactly what the scammers want.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Read more: What to do if your identity has been stolen” data-reactid=”20″>Read more: What to do if your identity has been stolen

A woman uses a smartphone and a mobilephone in front of a laptop on April 3, 2019. (Photo by ISSOUF SANOGO/AFP via Getty Images)A woman uses a smartphone and a mobilephone in front of a laptop on April 3, 2019. (Photo by ISSOUF SANOGO/AFP via Getty Images)
A woman uses a smartphone and a mobilephone in front of a laptop on April 3, 2019. (Photo by ISSOUF SANOGO/AFP via Getty Images)

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Cybercriminals are opportunists, and during a “normal” crisis — like a natural disaster — the opportunities are often short-lived. But the current crisis (or, rather,&nbsp;crises) is different. The pandemic isn’t going away anytime soon. Companies are not going to bring back all of their employees into the office. Instead, remote work will become a permanent fixture of the corporate world.” data-reactid=”32″>Cybercriminals are opportunists, and during a “normal” crisis — like a natural disaster — the opportunities are often short-lived. But the current crisis (or, rather, crises) is different. The pandemic isn’t going away anytime soon. Companies are not going to bring back all of their employees into the office. Instead, remote work will become a permanent fixture of the corporate world.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="The health crisis has also provoked an&nbsp;economic crisis that won’t be resolved in a year, and probably not even in two. While the stock market may rebound, unemployment will remain high. And amid all of this chaos, a social crisis is brewing. The George Floyd protests could be the beginning of&nbsp;wider social anger and disarray, as the pandemic exacerbates long simmering issues such as racial tension and economic inequality.” data-reactid=”33″>The health crisis has also provoked an economic crisis that won’t be resolved in a year, and probably not even in two. While the stock market may rebound, unemployment will remain high. And amid all of this chaos, a social crisis is brewing. The George Floyd protests could be the beginning of wider social anger and disarray, as the pandemic exacerbates long simmering issues such as racial tension and economic inequality.

All of these changes are affecting cybercrime too. Cybercriminals are nothing if not adaptive and creative, and they smell opportunity amid all of this disorder. What began as N95 mask scams and CDC spoofing is now evolving into more organized and determined criminal efforts. 

Here are seven ways cybercrime is changing amid the pandemic: 

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="WFH will be a major target for hackers &nbsp;” data-reactid=”36″>WFH will be a major target for hackers  

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Get ready for a&nbsp;wave of corporate and small business data breaches.” data-reactid=”37″>Get ready for a wave of corporate and small business data breaches.

With so many companies shifting to remote workforces, hackers see an unprecedented opportunity to bypass the corporate firewall and get access to coveted data they can sell on the black market. This ranges from customer card numbers to corporate logins, employee information, intellectual property, bank accounts, tax IDs, insurance accounts and more.

A lower school substitute teacher works from her home due to the Coronavirus outbreak on April 1, 2020 in Arlington, Virginia. - Her role in the school changed significantly when Coronavirus hit. She was previously working part time to support teachers when they needed to be absent from the classroom and now she helps them to build skills with new digital platforms so they can continue to teach in the best way for their students and their families.The middle school (grades 6-8) has most regularly been using Zoom and the lower grades have been using Zoom with parents. (Photo by Olivier DOULIERY / AFP) (Photo by OLIVIER DOULIERY/AFP via Getty Images)A lower school substitute teacher works from her home due to the Coronavirus outbreak on April 1, 2020 in Arlington, Virginia. - Her role in the school changed significantly when Coronavirus hit. She was previously working part time to support teachers when they needed to be absent from the classroom and now she helps them to build skills with new digital platforms so they can continue to teach in the best way for their students and their families.The middle school (grades 6-8) has most regularly been using Zoom and the lower grades have been using Zoom with parents. (Photo by Olivier DOULIERY / AFP) (Photo by OLIVIER DOULIERY/AFP via Getty Images)
A lower school substitute teacher works from her home due to the Coronavirus outbreak on April 1, 2020 in Arlington, Virginia. (Photo by OLIVIER DOULIERY/AFP via Getty Images)

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Hackers will exfiltrate as much data as they can, and sell it on the Dark Web. Businesses will have a hard time stopping these attacks, because WFH undermines the ‘security perimeter,’ makes monitoring difficult and&nbsp;puts employees in charge of security. After all, remote desktop tools are essentially commercial backdoors that you pipe into the company’s network.” data-reactid=”50″>Hackers will exfiltrate as much data as they can, and sell it on the Dark Web. Businesses will have a hard time stopping these attacks, because WFH undermines the ‘security perimeter,’ makes monitoring difficult and puts employees in charge of security. After all, remote desktop tools are essentially commercial backdoors that you pipe into the company’s network.

And with most employees working from insecure environments (consumer-grade WiFi routers, home PCs that probably have malware on them already, game consoles sharing the network, etc.), the chances of compromise are going through the roof. Employee isolation is another factor. Phishing emails are a lot more effective when you can’t peak over the cubicle to ask your co-worker if that email really came from them.

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Ransomware gangs are getting more aggressive” data-reactid=”52″>Ransomware gangs are getting more aggressive

While crises are usually a boon for cybercriminals, the current economic crisis could make it harder for some ransomware victims to pay up. Perhaps because of this, ransomware groups are getting more aggressive in their tactics. The most significant change is the use of “business shaming”. If the victim refuses to pay, the hackers will threaten to publicly expose or auction their data.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="The&nbsp;REvil ransomware group&nbsp;recently debuted an&nbsp;eBay-like auction site&nbsp;for stolen information. The Maze ransomware group also created a new data leak site to advertise the stolen information. Going forward, businesses that get infected with ransomware could face higher costs than before, not only in the extortion fee, but in the reputational damage and long-term business implications from this type of exposure.” data-reactid=”58″>The REvil ransomware group recently debuted an eBay-like auction site for stolen information. The Maze ransomware group also created a new data leak site to advertise the stolen information. Going forward, businesses that get infected with ransomware could face higher costs than before, not only in the extortion fee, but in the reputational damage and long-term business implications from this type of exposure.

A partial screenshot from the REvil ransomware group’s Dark Web blog taken by Krebson Security. A partial screenshot from the REvil ransomware group’s Dark Web blog taken by Krebson Security.
A partial screenshot from the REvil ransomware group’s Dark Web blog taken by Krebson Security.

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Cybercrime alliances are forming” data-reactid=”72″>Cybercrime alliances are forming

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Maze recently announced it is&nbsp;forming a cartel&nbsp;with other ransomware crime groups, in order to expand operations and&nbsp;exert more pressure&nbsp;on victims.” data-reactid=”73″>Maze recently announced it is forming a cartel with other ransomware crime groups, in order to expand operations and exert more pressure on victims.

This may be the beginning of a broader trend in the crime industry, as hacking groups increase cooperation with one another to become more profitable and prolific during the economic downturn.

Already, criminals frequently “rent” botnets and other services from hackers in the Dark Web, so it wouldn’t be a stretch to see a greater collaboration.

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Hacktivism will make a comeback” data-reactid=”76″>Hacktivism will make a comeback

Ok, so “hacktivism” never really went away, but it’s certainly been a lot less prolific than it was during the heydays of the early 2010s. Hacktivists could stage a comeback very soon, spurred on by the social justice causes that are gaining new urgency amid the pandemic.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="The hacktivist group Anonymous has already claimed credit for&nbsp;disabling the Minneapolis Police Department website&nbsp;during the George Floyd protests, and unknown activists also reportedly&nbsp;jammed the Chicago Police Department’s emergency radio system. Hacktivists have traditionally latched onto social causes and issues, such as the&nbsp;2014 Ferguson protests,&nbsp;Iran’s disputed 2009 election, and&nbsp;countering the Westboro Baptist Church.” data-reactid=”78″>The hacktivist group Anonymous has already claimed credit for disabling the Minneapolis Police Department website during the George Floyd protests, and unknown activists also reportedly jammed the Chicago Police Department’s emergency radio system. Hacktivists have traditionally latched onto social causes and issues, such as the 2014 Ferguson protestsIran’s disputed 2009 election, and countering the Westboro Baptist Church.

A protester from the online activist group "Anonymous" wearing a Guy Fawkes mask walks with a flag during a protest rally in New York, November 5, 2015. The group claims to be mobilizing protests in more than 600 cities worldwide as part of what they call the "Million Mask March" held on Guy Fawkes day. REUTERS/Shannon Stapleton TPX IMAGES OF THE DAY A protester from the online activist group "Anonymous" wearing a Guy Fawkes mask walks with a flag during a protest rally in New York, November 5, 2015. The group claims to be mobilizing protests in more than 600 cities worldwide as part of what they call the "Million Mask March" held on Guy Fawkes day. REUTERS/Shannon Stapleton TPX IMAGES OF THE DAY
A protester from the online activist group “Anonymous” wearing a Guy Fawkes mask walks with a flag during a protest rally in New York. (REUTERS/Shannon Stapleton TPX IMAGES OF THE DAY)

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Digital skimmers are the new credit card threat” data-reactid=”90″>Digital skimmers are the new credit card threat

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Brick-and-mortar retail was already on life support, but the&nbsp;pandemic&nbsp;may have just pulled the plug. With in-store sales plunging even more than they were before, and&nbsp;more consumers moving online, the hackers are following.” data-reactid=”91″>Brick-and-mortar retail was already on life support, but the pandemic may have just pulled the plug. With in-store sales plunging even more than they were before, and more consumers moving online, the hackers are following.

Expect to see a major increase in the stealthy digital attack known as “formjacking” (aka “Magecart” and “e-skimming”) throughout the year and into the next, as hackers follow the money. Formjacking was already prolific, but as more shoppers skip the store to avoid exposing themselves to the virus, that makes point-of-sale RAM scrapers less profitable for criminals.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="In recent weeks,&nbsp;Claire’s&nbsp;and&nbsp;Fitness Depot&nbsp;became the latest victim of this online crime wave, and&nbsp;many more companies will follow. Formjacking isn’t just a threat to retailers. Any company that accepts user-submitted information, from online forms to logins, can be at risk. According to one security firm,&nbsp;less than 1% of website operators&nbsp;have implemented the right security measures to prevent these attacks.” data-reactid=”93″>In recent weeks, Claire’s and Fitness Depot became the latest victim of this online crime wave, and many more companies will follow. Formjacking isn’t just a threat to retailers. Any company that accepts user-submitted information, from online forms to logins, can be at risk. According to one security firm, less than 1% of website operators have implemented the right security measures to prevent these attacks.

DENVER, CO - JUNE 18: Chris Valdez with Bubba Dukes BBQ swipes a card using square system for his transaction June 18, 2015 at Civic Center Park. Food truck vendors set up for the afternoon lunch crowd at Civic Center Park. How are small businesses and entrepreneurs that use credit card readers like Square that attach to their phone or tablet handling the Oct. 1 deadline to have card readers that can handle cards with microchips. Among those affected are food truck operators. (Photo By John Leyba/The Denver Post via Getty Images)DENVER, CO - JUNE 18: Chris Valdez with Bubba Dukes BBQ swipes a card using square system for his transaction June 18, 2015 at Civic Center Park. Food truck vendors set up for the afternoon lunch crowd at Civic Center Park. How are small businesses and entrepreneurs that use credit card readers like Square that attach to their phone or tablet handling the Oct. 1 deadline to have card readers that can handle cards with microchips. Among those affected are food truck operators. (Photo By John Leyba/The Denver Post via Getty Images)
Chris Valdez with Bubba Dukes BBQ swipes a card using square system for his transaction at Civic Center Park. (Photo By John Leyba/The Denver Post via Getty Images)

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="HR in the crosshairs” data-reactid=”105″>HR in the crosshairs

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="In recent weeks, there’s been a lot of discussion about the growing risk of&nbsp;job scams&nbsp;for out of work Americans.” data-reactid=”106″>In recent weeks, there’s been a lot of discussion about the growing risk of job scams for out of work Americans.

But cybercriminals are also doing the reverse — targeting human resource departments with fake job applications, in order to get a backdoor into the company. The latter is going to be one of the major threats for businesses going forward, as it will often be very difficult for HR officers to tell the difference between real and fake job applicants. 

SAN FRANCISCO, CALIFORNIA - SEPTEMBER 12, 2018: A 'Help Wanted' sign in a shop window in San Francisco, California. (Photo by Robert Alexander/Getty Images)SAN FRANCISCO, CALIFORNIA - SEPTEMBER 12, 2018: A 'Help Wanted' sign in a shop window in San Francisco, California. (Photo by Robert Alexander/Getty Images)
A ‘Help Wanted’ sign in a shop window in San Francisco, California. (Photo by Robert Alexander/Getty Images)

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Sophisticated crime groups like TA505&nbsp;have already been actively involved in “poisoned CV” campaigns, and other hacking groups are using&nbsp;bogus CVs&nbsp;to steal financial information. Since HR departments are used to receiving email attachments, or links to online resumes, from unknown parties, they are more susceptible to these phishing campaigns.” data-reactid=”119″>Sophisticated crime groups like TA505 have already been actively involved in “poisoned CV” campaigns, and other hacking groups are using bogus CVs to steal financial information. Since HR departments are used to receiving email attachments, or links to online resumes, from unknown parties, they are more susceptible to these phishing campaigns.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Hackers are also using using legitimate tools (ex:&nbsp;Windows’ Task Scheduler) instead of malware to spread the infection or sending malicious messages through LinkedIn.” data-reactid=”120″>Hackers are also using using legitimate tools (ex: Windows’ Task Scheduler) instead of malware to spread the infection or sending malicious messages through LinkedIn.

<h2 class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Business identity theft will entangle more companies” data-reactid=”121″>Business identity theft will entangle more companies

You’ve heard of personal identity theft, but did you know the same thing can happen to companies?

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Cybercriminals that are able to steal a company’s employer identification number (EIN), insurance information, credit card number, vendor number or business email accounts can effectively&nbsp;impersonate that company&nbsp;in order to defraud it. They can&nbsp;claim tax refunds, place orders, make fake insurance claims, transfer money or defraud other businesses on your company’s behalf.” data-reactid=”123″>Cybercriminals that are able to steal a company’s employer identification number (EIN), insurance information, credit card number, vendor number or business email accounts can effectively impersonate that company in order to defraud it. They can claim tax refunds, place orders, make fake insurance claims, transfer money or defraud other businesses on your company’s behalf.

John Bumgarner, a cyber warfare expert who is chief technology officer of the U.S. Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats, works on his laptop computer during a portrait session in Charlotte, North Carolina December 1, 2011. A cyber warfare expert claims he has linked the Stuxnet computer virus that attacked Iran's nuclear program in 2010 to Conficker, a mysterious worm that surfaced in late 2008 and infected millions of PCs. Conficker was used to open back doors into computers in Iran, then infect them with Stuxnet, according to research Bumgarner, a retired U.S. Army special-operations veteran and former intelligence officer. To match Insight - CYBERSECURITY/IRAN REUTERS/John Adkisson (UNITED STATES - Tags: SCIENCE TECHNOLOGY MILITARY)John Bumgarner, a cyber warfare expert who is chief technology officer of the U.S. Cyber Consequences Unit, a non-profit group that studies the impact of cyber threats, works on his laptop computer during a portrait session in Charlotte, North Carolina December 1, 2011. A cyber warfare expert claims he has linked the Stuxnet computer virus that attacked Iran's nuclear program in 2010 to Conficker, a mysterious worm that surfaced in late 2008 and infected millions of PCs. Conficker was used to open back doors into computers in Iran, then infect them with Stuxnet, according to research Bumgarner, a retired U.S. Army special-operations veteran and former intelligence officer. To match Insight - CYBERSECURITY/IRAN REUTERS/John Adkisson (UNITED STATES - Tags: SCIENCE TECHNOLOGY MILITARY)
John Bumgarner, a cyber warfare expert, works on his laptop computer during a portrait session in Charlotte, North Carolina. (Photo by REUTERS/John Adkisson)

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="With so many businesses in disarray following the outbreak and economic shutdown, cybercriminals are going to take advantage of this distraction to pull off more of this fraud.&nbsp;Business identity theft&nbsp;was already taking place before the pandemic, but it’s going to get a lot worse over the coming year — and beyond.” data-reactid=”135″>With so many businesses in disarray following the outbreak and economic shutdown, cybercriminals are going to take advantage of this distraction to pull off more of this fraud. Business identity theft was already taking place before the pandemic, but it’s going to get a lot worse over the coming year — and beyond.

The bottom line is that businesses can expect a rocky year ahead, not only from the pandemic, but from an overall rise in cybercrime activity. We’ll see more technically savvy individuals around the world turn to cybercrime to pay the bills — and few targets are as rich as American businesses.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Jason Glassberg is co-founder of&nbsp;Casaba Security,&nbsp;a cybersecurity and ethical hacking firm that advises cryptocurrency businesses, traditional financial institutions, technology companies and Fortune 500s. He is a former cybersecurity executive for Ernst &amp; Young and Lehman Brothers.” data-reactid=”137″>Jason Glassberg is co-founder of Casaba Security, a cybersecurity and ethical hacking firm that advises cryptocurrency businesses, traditional financial institutions, technology companies and Fortune 500s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="READ MORE:” data-reactid=”138″>READ MORE:

<p class="canvas-atom canvas-text Mb(1.0em) Mb(0)–sm Mt(0.8em)–sm" type="text" content="Follow Yahoo Finance on&nbsp;Twitter,&nbsp;Facebook,&nbsp;Instagram,&nbsp;Flipboard,&nbsp;LinkedIn, and&nbsp;reddit.” data-reactid=”143″>Follow Yahoo Finance on TwitterFacebookInstagramFlipboardLinkedIn, and reddit.