Date: 03/19/20

How Hackers are Preying on Coronavirus Fears

All eyes and ears have been focused on COVID-19 lately, with everyone waiting to hear the most recent news and the next steps to take. Individuals and businesses have been taking every precaution to prepare and avoid contracting or spreading Coronavirus. But while everyone else is preparing to change and adapt, unfortunately so are hackers. Hackers have been exploiting fear and vulnerability to get users to open their messages, which then infect computers and other digital devices with malware.

Listed below are a few of the methods of Coronavirus hackers, and how you can be on the lookout to avoid these scams and stay safe.

What are phishing attacks

Phishing is an online attack conducted via email, social media, messaging services, and other apps in order to gain access to the targets’ computers and other electronic devices. These emails and messages may ask the victims to click on links or enter personal information, such as passwords or bank information. Doing so gives hackers access to their victims’ accounts or may install malware. Using the retrieved information, hackers can commit identity theft or fraud, or buy and sell on the dark web. Symantec researchers suggest that around 135 million phishing attacks are attempted every day. Lately, hackers have been using COVID-19 as a phishing lure, and this is expected to increase as virus publicity increases. Cybercriminals have also been disguising their attacks under the names of trusted brands, such as the World Health Organization (WHO) and the U.S. Centers for Disease Control and Prevention (CDC).

TrickBot

TrickBot is a type of Trojan malware that cybercriminals use to steal banking credentials. Trojans are malicious files designed to look legitimate; this one collects banking usernames and passwords and sends them back to the hackers.

Amidst the COVID-19 crisis, a new TrickBot banking Trojan has been identified. This Trojan claims to be from the World Health Organization (WHO) and contains a Word document claiming to contain information on how to prevent Coronavirus infection. The message states that it uses an earlier version of Microsoft Word and prompts the user to enable macros. By clicking on the link, however, the user then installs TrickBot on their device. This allows hackers to gain access to confidential information and install other forms of malware.

Lokibot malware

Lokibot malware uses a keylogger to steal sensitive information from victims, such as usernames, passwords, and banking information. Researchers at Fortinet have identified a Lokibot phishing campaign, which uses the subject ‘Coronavirus Customer Advisory’ and claims to come from a delivery company offering updates on the impact that Coronavirus is having on its operations. The email contains what appears to be a PDF file. However, if the user runs this file, Lokibot malware is installed.

Other malware

Other coronavirus-related hacking campaigns, which have been identified by researchers at Proofpoint, install malware such as Emotet, NanoCore and AZORult. These forms of malware give hackers access to corporate networks and allow them to steal personal data.

WHO posers

The World Health Organization (WHO) has issued its own warning about scammers posing as the organization. Hackers posing as WHO have been sending emails claiming to be representatives from the organization, asking their targets to click on links, open attachments, or hand over sensitive and personal information. WHO has stated, however, that it will not ask people to log in to view information, open unexpected attachments, or enter financial information. All legitimate emails from WHO will come from @who.int email addresses, and anything from any other domain should be handled with caution. For more information, go directly to the WHO or CDC websites, or other government agency websites. Most agencies do not communicate via email, so they most likely do not even know your email address.

What to watch for and how to protect yourself

To avoid cyber-attacks, turn off macros, be cautious about what you choose to click, and delete emails or messages that are suspicious or come from an unexpected source. If you are contacted by a source that appears to be WHO, the CDC, or another similar organization, be sure to verify authenticity before responding or clicking on any articles or links. If you suspect an email or message you received claiming to be from WHO, CDC, or another source is a scam, report it to the organization. Do not open any COVID-19 related links or attachments received via email, and do not be fooled by legitimate-looking branding. Hackers have been creating emails that look valid and use a sense of urgency to lure in their targets. If you want up-to-date COVID-19 news, go directly to the WHO and CDC websites, or other government agencies. Be cautious of any email, pop-up, or message that asks you to enter personal information, bank details, or a social security number. Finally, trust your gut. If an email or message seems strange or off, report it to soc@mimecast.com and do not click on it.
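
For mail administrators, the sender-domain and attachment checks described above can be run as a first triage pass. The script below is an added example, not code from the original post; the `cdc.gov` entry, the extension lists, the `sample` helper and the `.example` sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# who.int is the domain WHO names above; cdc.gov is an assumption of this example.
BRANDS = {
    r"\b(who|world health organization)\b": "who.int",
    r"\b(cdc|centers? for disease control)\b": "cdc.gov",
}
MACRO_EXT = (".doc", ".docm", ".dotm", ".xls", ".xlsm", ".pptm")  # assumed list
EXEC_EXT = (".exe", ".scr", ".com", ".js", ".vbs")  # assumed list

def in_domain(domain, expected):
    """True only for the expected domain itself or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)

def triage(raw_message):
    """Return warning strings for one raw email message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    for pattern, expected in BRANDS.items():
        # Display name claims the brand, but the address is outside its domain.
        if re.search(pattern, display.lower()) and not in_domain(domain, expected):
            findings.append(f"claims {expected} identity but sent from {domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXT):
            findings.append(f"attachment may carry macros: {name}")
        if name.endswith(EXEC_EXT):  # also catches names like report.pdf.exe
            findings.append(f"executable attachment: {name}")
    return findings

def sample(from_header, filename=None):
    """Build a constructed sample message (not a real captured email)."""
    m = EmailMessage()
    m["From"] = from_header
    m["Subject"] = "Coronavirus safety measures"
    m.set_content("Please review the attached document.")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("World Health Organization <info@who-int.example>", "tips.doc")))
```

A From header can be forged, so an empty result only means the message passed these specific checks, not that it is authentic.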

 


Views provided in this blog are general in nature for your consideration and are not legal, tax, or investment advice. Investors Community Bank (ICB) makes no warranties as to accuracy or completeness of information, including but not limited to information provided by third parties, does not endorse any non-ICB companies, products, or services described here, and takes no liability for your use of this information. Information and suggestions regarding business risk management and safeguards do not necessarily represent ICB’s business practices or experience. Please contact your own legal, tax, or financial advisors regarding your specific business needs before taking any action based upon this information.