Cyber Security Center

Phishing and malware emails exploit coronavirus fears


Malicious actors are exploiting people’s fears of the coronavirus, and are using it to steal personal information and spread malware.

 

The coronavirus outbreak is wrecking havoc around the world, and malicious actors are using this to their own advantage. Several coronavirus-themed malware and phishing campaigns have been noticed to be going around, targeting vulnerable users. It’s not entirely surprising as cyber crooks are always looking for ways to make life difficult for people.

There are a few different campaigns going around but they do have one thing in common – the COVID-19 outbreak. Many people are on edge because of the outbreak and may be more susceptible to the phishing and malware emails.

Scammers claim to be from the CDC

Cyber security vendor Kaspersky has reported about coronavirus-themed phishing emails that are trying to steal users’ email login credentials. The emails are made to seem like they are sent from the Centers for Disease Control and Prevention (CDC), a legitimate federal agency in the US, and warn about alleged new coronavirus cases near the receiver. The receiver is asked to click on the provided link to read about the new cases, which would supposedly help with avoiding potential hazards.

Screenshot (127)

Image: Kaspersky

This particular phishing email is somewhat sophisticated. As Kaspersky reports, it’s sent from a convincing domain cdc-gov.org. While the legitimate CDC domain is cdc.gov, the fake one is convincing enough not to cause suspicion at a quick glance. But even if an email address looks legitimate it doesn’t mean that it is. If you receive an unsolicited email from an unknown sender and it asks you to engage in some way (clicking on a link, opening an attachment, etc.), always check that the email address actually belongs to the company/person the sender is claiming to be.

The link which the receiver is asked to click on looks like the legitimate cdc.gov website but hovering over the link would reveal that it would lead to a completely different site. Those who click on the link will be taken to a site that is supposed to look like Microsoft Outlook. It may be the case that malicious actors are trying to make it seem like logging into email is necessary to access the article. This is never actually the case and makes it obvious that it’s a phishing attempt.

Another spam campaign hiding behind CDC’s name is requesting users to donate money to fight the coronavirus and create a vaccine. The email claims that because of the huge costs, the CDC is struggling to fund everything and needs donations “from $10 to any amount”. The donations are requested in Bitcoin. If the bad grammar in the email wasn’t a dead giveaway, the fact that a federal agency is asking for donation in Bitcoin should make everything quite obvious.

Screenshot (128)

Image: Kaspersky

This is a rather poor attempt to scam people because tech-savvy people will realize immediately that they’re dealing with a scam, while people who fall for this are unlikely to know how to use Bitcoin.

Coronavirus used to distribute malware

Kaspersky also reported about malware being distributed in coronavirus-themed emails.

“Kaspersky’s technologies have found malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques,” Kaspersky’s report says.

It’s likely that malicious actors will pretend to be health organizations, like the World Health Organization (WHO) or the CDC, when sending these emails. Users will not be as suspicious, or at least less so, if they think health organizations are sending them tips on how to avoid catching the coronavirus and what to do in case of infection.

The FTC and WHO warn against coronavirus-themed phishing and malware emails

US’s Federal Trade Commission (FTC) has warned people about malicious actors creating websites to sell coronavirus related products, and sending malicious emails and texts in order to get personal information and steal money.

“The emails and posts may be promoting awareness and prevention tips, and fake information about cases in your neighborhood. They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments,” the FTC said in a blog post.

The FTC advises users to not click on unknown links, be wary of emails claiming to be fro the CDC, ignore online offers for vaccinations, and do research before making donations.

The World Health Organization (WHO) has also warned people about scammers using the COVID-19 outbreak to steal money and sensitive information.

“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency. This fraudulent action is called phishing,” the organization has said.

The phishing emails, claiming to be from WHO, will ask users to provide sensitive information (usernames and passwords), click on malicious links and open malicious email attachments. Engaging with such emails could lead to a malware infection and stolen personal information.

The organization advises users to verify the sender by checking their email address, check the link before clicking, not carelessly reveal personal information, and report a scam if encountered.