Coronavirus Phishing Scams

Uploaded on 2020-05-15 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Health concerns aren't the only thing you need to watch out for in the pandemic. Cybercriminals are taking full advantage of the world's confusion by targeting people and businesses when they're at their most vulnerable. While cybercrime of all kinds is on the rise, phishing has emerged as a current favorite of coronavirus scammers.
 
As of May 1, the U.K. has reported 4,727 coronavirus-related phishing emails, leading to more than £2 million in losses. In the U.S., damages from these emails have surpassed $4 million as of May 11. Many of these scams use similar tactics, so here are a few of the most common ones you may encounter.
 
Impersonating Health Authorities
As you might have predicted, many phishers are sending emails under the guise of official health figures. By pretending to be an authority like the World Health Organization (WHO), cybercriminals fool unsuspecting users into clicking malicious links. Amid all the confusion surrounding the virus, people may let their guard down, desperate for information.
 
These emails impersonate official sources offering updates on the spread of the virus. Since many of these organizations are sending out regular updates, you can see why people may fall for these scams. Since they contain relevant subject lines like "Coronavirus Updates" or "COVID-19 News," email filters may not label them as spam, either.
 
Fraudulent Outbreak Maps
A similar and equally prevalent scheme is to present a malicious link to an outbreak map. This scam is particularly effective because Johns Hopkins University has released an official interactive COVID-19 map. Some phishing attempts link to the Johns Hopkins map but install AzorUlt Trojans in the process.
 
Other similar campaigns involve mimicking the official map but taking users to a fraudulent, malware-infested one instead. Like with phishing scams parading as the WHO, these attempts take advantage of users' desire for information. In their haste to learn more, they may not double-check to see if the source is legitimate or not.
 
Imitating Government Officials
Health organizations aren't the only groups that coronavirus phishers are impersonating. Many governments are providing monetary or informational support to their citizens, which presents cybercriminals with the perfect opportunity. Scammers pretending to represent the U.S. CARES Act or the U.K.'s HMRC are on the rise.
Businesses are especially susceptible to these scams, as many government programs offer tax relief or loan forgiveness for companies. Unfortunately, organizations also have the most to lose, risking both their livelihood and reputation in the event of identity fraud. Global economies are already in decline, making these scams all the more devastating.
 
Tips on Avoiding Coronavirus Phishing
While the pandemic has spurred a rise in phishing, you aren't defenseless against these scams. You and your business can avoid falling prey to coronavirus phishers by maintaining safe internet practices. Amid all the confusion, you mustn't lose sight of basic cybersecurity measures. 
 
Understanding what forms many of these scams take is the first step in preparedness. Know that almost 20% of all phishing emails today include coronavirus-related information or content. You should subject anything containing this type of material to additional scrutiny.
 
The only thing separating these new scams from older ones is their prevalence and the growing public confusion. If you take the time to remember foundational security measures like inspecting links and not clicking on unknown addresses, you'll be safe. Here are some reminders to keep in mind: 
  • Always verify an email's source before clicking any links or opening attachments.
  • Just because an email address looks official doesn't mean it is.
  • Never give personal information away over email.
  • Government agencies will never ask for you for money, especially in cryptocurrency.
  • If anything sounds too good to be true, it probably is.
  • For information regarding COVID-19, check official sources like the WHO's website, not emails. 
Protecting Your Business During COVID-19
If you practiced safe email behavior before the outbreak, you should be safe. Just remember to continue these practices, and double-check everything if you didn't already. These are confusing times for everyone, but you can't afford to let your guard down.
 
Many things are changing in response to the pandemic, but the threat of phishing hasn't. Cybercrime is as prevalent as ever, so make sure you and your business are taking steps to defend against it. The phishing scams of the coronavirus are a growing threat, but you can handle it with robust cybersecurity.
 
Caleb Danziger writes about science and technology at TheByteBeat.com
 
You Might Also Read:
 
Spear Phishing Threats & Trends:
 
 
« CISO's Cant Find The Right People
‘We Hacked Your Website’ Blackmail Scam »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Lookout

Lookout

Lookout is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack.

Truth Technologies Inc (TTI)

Truth Technologies Inc (TTI)

TTI is a premier provider of worldwide anti-money laundering, anti-fraud, customer identification, and compliance products and services.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Alan Turing Institute

Alan Turing Institute

Alan Turing Institute is the UK national institute for data science. A major focus is Big Data analysis with applications including cyber security.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

GulfTalent

GulfTalent

GulfTalent is the leading job site for professionals in the Middle East and Gulf region covering all sectors and job categories, including cybersecurity.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

Cryptika

Cryptika

Cryptika is a fully integrated IT security and managed services provider, specialized in Next-Generation Cyber Security Technologies.

CyberCX

CyberCX

CyberCX provides services from strategic consulting, security testing and training to world-class managed services and engineering solutions.

e360

e360

e360 (formerly Entisys360) is an award-winning IT consultancy specializing in advanced IT infrastructure, virtualization, security, automation and cloud first solutions.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.