Cybersecurity firm Forcepoint reports that it has found a number of new phishing and malware scams circulating around the internet with a common theme: They all aim to capitalize on coronavirus and COVID-19 fears.
The tactics being used in this current wave of COVID-19 phishing and malware are nothing new: Phishing attempts are seeking to steal email passwords, fake ads are selling scam products, and traditional malware droppers are being found in infected Word documents. In short, it’s all been seen before, but that doesn’t mean this new wave of attacks will be less successful.
Carl Leonard, principal security analyst at Forcepoint, said social engineering tactics like the ones being used by coronavirus scams are particularly dangerous right now due to the fear surrounding the pandemic. “Anxiety and desperation can make it easy to let one’s guard down when it comes to online threats. Cybercriminals exploit these moments by playing on fears in the hope that we will fall for their carefully crafted scams.”
Forcepoint covered three trends it has noticed that everyone should be on the lookout for.
Phishing attempts with suspicious attachments
Phishing attacks aim to get users to give up their credentials, and those using COVID-19 to stoke fears are no different.
Forcepoint cites one example: an email that claims to link to a voicemail containing a COVID-19 update. The email contains a small HTML file that directs users to a spoofed Microsoft Outlook login page, where they’re prompted to log in to access the recording.
The page is fake, of course, and will harvest user passwords. Like similar phishing pages, the site looks legitimate, but looking at the URL will show that it’s anything but. Aside from that, it’s hard to tell the page isn’t legitimate.
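A mail-gateway style check for the lure described above, as an added example that is not from Forcepoint's report or the original article: it flags small HTML attachments that redirect to, or post a form to, a host outside an allowlist. The trusted-host list, the size threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: hosts where a real Microsoft sign-in lives, and what counts as "small".
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
MAX_LURE_BYTES = 20_000

class RedirectFinder(HTMLParser):
    """Collect URLs an HTML file redirects to (meta refresh, script) or posts forms to."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.urls += re.findall(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content") or "", re.I)
        elif tag == "form" and a.get("action"):
            self.urls.append(a["action"])

    def handle_data(self, data):  # script bodies arrive here as text
        self.urls += re.findall(r"location(?:\.href)?\s*(?:=|\.replace\()\s*['\"]([^'\"]+)", data)

def flag_html_lures(raw_message: bytes):
    """Return (filename, url) for small HTML attachments that lead to untrusted hosts."""
    findings = []
    for part in message_from_bytes(raw_message, policy=policy.default).iter_attachments():
        name = part.get_filename() or ""
        body = part.get_payload(decode=True) or b""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if not is_html or len(body) > MAX_LURE_BYTES:
            continue
        finder = RedirectFinder()
        finder.feed(body.decode("utf-8", errors="replace"))
        for url in finder.urls:
            host = (urlparse(url).hostname or "").lower()
            if host and host not in TRUSTED_LOGIN_HOSTS:
                findings.append((name, url))
    return findings

def build_sample(target: str) -> bytes:
    """Constructed test message: a 'voicemail' HTML attachment redirecting to target."""
    msg = EmailMessage()
    msg.set_content("You have a new voice message. Open the attachment to listen.")
    html = f'<html><head><meta http-equiv="refresh" content="0; url={target}"></head></html>'
    msg.add_attachment(html, subtype="html", filename="voicemail.html")
    return bytes(msg)
```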
Spam messages promising cures and protection
Everyone is on edge right now; tensions are high, anxiety is elevated, and it’s easy to look to false advice to find comfort despite the harm it could potentially cause.
A deluge of spam messages containing promises of natural coronavirus cures, fake products, and secret “virus-proofing” tips are all making the rounds. The emails contain links to suspicious websites, fake products, and other scams designed to separate users from their money and identities.
“When in doubt, research similar goods from reputable websites and brands you have purchased from before. And, starting research through official global health sources such as WHO or CDC can also help with debunking what is real and what may actually be detrimental to your health,” Leonard said.
Malware droppers posing as important notices
Malware droppers are designed to avoid traditional security by not containing any malware themselves. Instead, they’re simple scripts that run on victims’ computers for the purpose of installing other malware.
Commonly spread through malicious documents and attachments, the droppers being spread under the guise of COVID-19 information are no different.
One example cited in the report comes from Italy and purports to be from the WHO. The attached document reportedly contains information to help prevent and fight infections, but is actually just a malware dropper that automatically runs once the user opens the infected file and is tricked into granting it permission to run scripts.
Same as it ever was
The coronavirus outbreak is, hopefully, a once-in-a-lifetime occurrence. Malware, on the other hand, is anything but.
As with other trending malware, the attacks being perpetrated during the COVID-19 pandemic are nothing new, and neither are the steps for preventing them:
- Don’t open email attachments that come from sources you aren’t sure of;
- Never click on a link in an email that directs you to log in to a website. When in doubt, navigate to a login page in your web browser yourself and log in there;
- Important information that comes in the form of an attachment is likely a scam: If the WHO wants you to know what to do to prevent the coronavirus, they’ll simply tell you in the body of the email;
- Pay attention to web and email addresses: If they don’t look legitimate, don’t open the message or go to the page;
- Keep your computer, router firmware, and web browser up to date;
- Make sure you have security software installed and keep it up to date as well;
- Be vigilant: If you think there’s any reason to question the legitimacy of a message you receive, simply ignore it. If the person sending it is who they say they are, they’ll follow up if they don’t hear back from you.