Cybercriminals now recycling standard phishing emails with coronavirus themes

The latest malicious COVID-19 campaigns are repurposing conventional phishing emails with a coronavirus angle, says security trainer KnowBe4.

Cybercriminals like to take advantage of items in the news as way to exploit our interest and concern and fear about timely subjects. That's especially true with phishing emails, which attempt to convince people to fall for malicious links and file attachments related to a specific topic. With the coronavirus upper most in our minds, bad actors have been deploying different waves of COVID-19 phishing emails, each with its own unique approach, according to KnowBe4.

SEE: Coronavirus and its impact on the enterprise (TechRepublic Premium download) 

In a blog post published on Monday, KnowBe4 outlined three distinct waves of coronavirus-themed phishing campaigns.

First wave. Spotted during February and early March, the first wave used relatively straightforward spoofs of emails claiming to be from the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) as well as from HR departments inside targeted organizations. Such emails purportedly provided updates on the coronavirus outbreak to get people to download malicious content.

At the same time, KnowBe4 discovered an increase in spam trying to sell bogus virus-related products and services, including fake vaccines, price-gouged masks and sanitizers, books, videos, and fake miracle cures.

Second wave. In the brief second wave, cybercriminals started playing with a wide array of COVID-19 email templates. Some were more successful than others, according to KnowBe4. But all of them were designed to exploit the growing panic as the virus continued to spread around the world.

Third wave. Seen over the past week, the third and latest wave of malicious campaigns relies on standard and conventional phishing emails updated with images, banners, and other branding about the coronavirus. This third wave has resulted in several different types of scams.

One campaign impersonates trusted file sharing services such as Dropbox, OneDrive, and SharePoint. In this case, a phishing email uses Office 365 branding as part of a Coronavirus Review to direct users to a fake Microsoft login page, while another serves up a phony OneDrive document claiming to offer information on the virus.

coronavirus-review-1a.jpg

Image: KnowBe4

Another campaign uses file sharing within an organization to try to trap people. One email claims to be from your COVID 19 Help Desk with an attached file that contains updates on how to stay safe. Another one says it's from a colleague who can't travel to a meeting due to the quarantine but has included their presentation in the form of an attachment. Both files, of course, lead you to malware.

Scammers are also using the old fake invoice routine with malicious files disguised as invoices, purchase orders, and requests for quotation. Phony package deliveries are another reused theme as the scammers send emails that impersonate the US Post Office, UPS, DHL, and Fedex, with file attachments sent due to a COVID-19 slowdown.

An oldie but goodie in the phishing world is the message that tells you there's a problem with your email account and that you need to log in to confirm or validate it. The latest variant of these scams claims that the coronavirus epidemic has somehow led to your account being deactivated. Also directed to organizations are emails that pretend to be from your IT or HR department with Important COVID-19 Updates and Measures.

coronavirus-notification-2a.jpg

Image: KnowBe4

Another repurposed type of phishing email claims to contain a voice mail attachment with updates on the virus. This particular one spoofs Constant Contact, a popular email service that may be whitelisted by the firewalls and security protection used by many organizations.

Finally, cybercriminals have updated the well-known CEO phishing email. In this one, an email hits your inbox claiming to be from a named senior executive at your company with a request to wire money or send copies of employee W-2 forms. The latest such emails use a subject line related to the coronavirus to lend an air of urgency.

"I've never seen anything remotely like this," Eric Howes, principal lab researcher for KnowBe4, said in a press release. "The cybercriminals who weren't running coronavirus-related phishing scams have now gotten in on these types of scams. With the majority of the global workforce now working from home, everyone needs to be extra vigilant when clicking on links and downloading attachments from emails, especially if the email is related to the coronavirus."

Also see

CORONAVIRUS WARNING SIGN

Image: Getty Images