The outbreak of the Coronavirus is affecting people, organizations, and nations around the globe. In an environment where people are hungry for information, attackers are taking advantage to spread malware. At the same time, switching to teleworking paves the way for criminals to exploit vulnerabilities and target devices that lack security measures.

Here are some techniques criminals are using in times of crisis and tips on how to stay protected:

COVID-19 themed email phishing attacks

Criminals are now sending e-mails to various targeted individuals claiming to have important information regarding coronavirus. These emails usually contain an attachment or a link and once downloaded or clicked, infects the computer with malware that allows criminals to steal log-in credentials, credit card information or sensitive company data to name a few.

The COVID-19 phishing emails can include the following attachments: a word document, a PDF document, or a link to a website. All these types of attachments, in fact, include malware. Some of the already identified malware includes:

• Trickbot Trojan malware.
• Emotet.
• NanoCore.
• Azorult.

In a worst-case scenario, it can even include ransomware that will encrypt all the files and data on the device and demand a ransom to recover them.

COVID-19 phishing emails can come from several fake senders, including but not limited to:

• WHO (World Health Organization) representatives.
• Public and Government entities such as the Ministry of Health.
• Public and Government figures such as Prime Ministers or Ministers.
• Health institutions.

The COVID-19 themed scams claim to have information regarding the virus, such as:

• Coronavirus updates on the number of cases, mostly or recently affected countries and other related information.
• Safety and health regulations.

Allegedly, the countries that are carrying such attacks have been identified to be China, North Korea and Russia.

How to stay protected:

• Attackers often create addresses with a certain similarity to the legitimate ones. Closely check and verify the sender’s address and if it feels out of place, you know it is a phishing attempt.
• If you are unsure, cross-check it with the entity’s official e-mail address that can be found on their official website. If the domain does not match the one you received, it is most likely a scam.
• Before clicking on any attacked link, always check where it will take you by hovering over it with your mouse. When in doubt, simply don’t click.
• Don’t open any attachments that you are not expecting or that have suspicious extensions such as .exe or .zip files. Additionally, files that ask you to enable macros are often malicious.

COVID-19 themed text or voice phishing attacks

On the other side of the spectrum, criminals are sending out texts to individuals with an attached link that once accessed, infects the device. The content of the text includes many different topics such as offering discounts on major brand products.

At the same time, individuals are receiving phone calls from disguised criminals who are trying to gather as much information as possible. Which is why they use themes centered around COVID-19, luring victims into thinking it is a legitimate call from an established entity.

How to stay protected:

Text messages

• Do not click on links provided in the message that claim to offer anything related to COVID-19.
• Verify the sender if you can. If the number seems “phishy” or out of the area in which you are, do not click the link.

Voice calls

• Do not share any personal information, including your personal details, log-in credentials, credit card information and more.
• If you are unsure who the caller is, ask them to provide you with a phone number or e-mail of their entity. Check if it matches the official information provided on that entity’s website. If you cannot confirm, avoid taking the call.

COVID-19 global cases fake maps

Criminals are exploiting the COVID-19 map, created by Johns Hopkins University, that shows which countries have been affected by the virus together with statistics on the number of cases and deaths. The fake map perfectly mimics the original Johns Hopkins University map, making it difficult to distinguish among the two. The only difference is the host website. Criminals have created fake websites that offer the same map, but with malicious information-stealing software. Once the fake website is accessed, the malware is used to steal log-in credentials, cookies, cryptocurrencies, credit card information, and more.

How to stay protected:

• Do not open any link disguised as the Johns Hopkins University COVID-19 map. Always double-check the website address and match it with the official Johns Hopkins University website address.
• The official website for the COVID-19 Global Cases Map by Johns Hopkins University is the following: https://coronavirus.jhu.edu/map.html.

COVID-19 fake news

Cyber attackers are now creating thousands of fake websites to spread fake information to either raise more public fear or to infect a device with malware. These websites that spread information usually include attractive headlines with news that are not yet seen on any other official news channel. This makes it easier to lure people into either sharing the news on social media platforms, spreading fake news, or accessing a website that is heavily infected with malware.

How to stay protected:

• Do not let enticing headlines affect you. Always check the source of the news.
• If unsure, check the major official news channels to confirm the information.
• Do not share or spread any news without double-checking the credibility of the source.

If you or your organization needs security measures to ensure that all your digital assets are safe, contact us at [email protected].