Just as frequent hand-washing has emerged as the best antidote to the coronavirus as we know it, the most effective way to protect yourself against cybercrime in the time of Covid-19 pandemic is to be vigilant of what you click online.
This is because hackers and online scammers go into overdrive during events that spur panic and anxiety among people, tricking them into giving them sensitive information. Capitalising on coronavirus fears, these financially motivated attackers exploit the disease to spread malware in order to steal data from unsuspecting users.
Although phishing emails abound, cybersecurity professionals have identified new threats, including fake domain names. In fact, according to a report, half of the coronavirus-themed domain registrations are likely to be malicious in nature. What is more, with a surge in employees working from home to avoid the risk of contracting the disease, company data has also been left more vulnerable.
As the coronavirus blows up into a global pandemic, simple precautionary measures like not downloading email attachments from unknown sources can go a long way. Here are some of the campaigns and email scams linked to the coronavirus:-
Emails From ‘Legitimate’ Health Organisations
Mass emails purporting to be from medical organisations, including WHO, include malicious attachments that supposedly contain important information around Covid-19. This, when opened, releases malware that infects the system. Some of these emails also prompts to manually enter email login details, resulting in users unwittingly compromising their data.
WHO had released a notification that implored people to beware of hackers posing as organisation representatives and verify their authenticity before giving away any details via email, websites, text messages and even phone calls.
Another campaign included a coronavirus-themed Microsoft Office document claiming to be from the Ministry of Health of Ukraine. Instead of offering information on combating the disease, the document contained malicious material with capabilities like clipboard stealing, and the ability to copy screenshots from the infected computer.
Tax Refund Scams
With tax season well underway, suspicious emails attempting to take advantage of the coronavirus emergency have not spared dutiful taxpayers either. With many people counting on their tax return to pay their bills, they become easy victims to emails that claim their tax filing are riddled with errors.
Some even promise more money if they file it with their agency, or simply offer refunds instantly at the click of a button. By doing so, they would be taken to a bogus government website where they will be asked to fill all their relevant financial information. This scam was identified by cybersecurity firm Mimecast.
Chinese APT Coronavirus Document
According to a leading cybersecurity solutions firm Check Point, an attack by a Chinese APT group targeted a public sector entity of Mongolia. Dubbed ‘Vicious Panda’, the group sent out two ‘press briefings’ purported to be from the Foreign Affairs Ministry of Mongolia. Both attachments carried a custom remote access malware, which was difficult to detect.
Using coronavirus-related information to disguise its malware-laced messages, the group successfully attacked foreign countries and even some offshore companies.
(Fake) Vaccine Cover-Up
Emails that claimed to be from a doctor having details about a potential vaccine for Covid-19 covered up by some governments have been doing the rounds. This was first flagged by researchers at the cybersecurity firm Proofpoint.
According to the company, by downloading the attached document, users are taken to a bogus web page where they are tricked into submitting their login credentials. This email reportedly branches into three to four different variations each day.
Attack On Covid-19 Tracking Map
Maintained by Johns Hopkins University, this popular Covid-19 tracking map used to track the spread of the coronavirus. Unfortunately, even this has been targeted by hackers who have been impersonating its website. Warning users about this possible malware, representatives of the university implored them to trust only the one that is maintained by ArcGIS.
How does it work? Received through an email, users are asked to download a software that will generate the fake map, thereby infecting them.
Donations For Vaccine Research
A fake email from the Centers for Disease Control and Prevention (CDC) is attempting to lure people into clicking malware-laced links. First reported by Kaspersky, these emails ask people to contribute towards coronavirus vaccine research by making a donation.
What is more, payments are requested to be made in Bitcoins. As ludicrous as it seems, the signature and address used don’t look suspicious at all.