In our previous postings, we covered WHO and CDC Phishing Scams and Coronavirus Conspiracy Theory Lures. We wanted to make sure you were informed of the cybersecurity attacks that were occurring related to COVID-19.
Unfortunately, these attacks are increasing and many of them are focusing on remote workers since many organizations have transitioned to a work from home model. We always want to make sure that your audience is up-to-date on the current threats so in this blog post we have summarized and provided examples of what we are seeing.
1. Fake Emails From the CDC and the WHO
From the beginning of COVID-19, we have seen several email phishing attacks from cyber criminals posing as government organizations. These have typically appeared to be from either the CDC or WHO and have prompted recipients to click on a malicious link to “more information about COVID-19.” Take a look at some examples:
2. Fake Emails Offering Financial Assistance
We are also seeing email phishing attacks offering financial assistance to recipients. As an example, the email below appears to be from the UK government and asks you to click on a link in order to sign up for a tax refund program. These emails are seeing wide circulation since the recent COVID-19 crisis has many people out of work and these emails appear to offer some relief.
3. Fake Texts and Phone Calls Promising Information
Cyber criminals are not only taking advantage of people’s emails, they are also attempting to contact potential victims via text messaging or phone calls. These smishing and vishing attacks are simply promising the same information that the phishing attacks are; they are just taking on a different mode of communication. Take a look at the text example below—this text masquerades as information from the government asking you to click on a link.
4. Fake COVID-19 Informational Websites.
Everyone is looking online and on news websites to find out real-time information about the COVID-19 outbreak, Cyber criminals are also taking advantage of people’s daily habits by standing up fake malicious websites. This fake website, Corona-Virus-Map.com, contains spyware that can steal your personal information.
5. Fake Apps Offering COVID-19 Assistance
In today’s digital world, bad actors don’t just stop at emails and websites. We are also seeing cyber criminals develop apps. This is an example of an Android app that promises to send you a mask if you install the app and use the order form. It actually wants to access all your contacts so that it can spam them.
As always we urge you to be vigilant and to train your user base on how to recognize and handle these types of attacks. Make sure your users STOP.
- Take a Deep Breath
- Opportunity to Think
- Put the email into Perspective and report the Phish, SMISH, or Vish. Report to your Security Team or IT team for investigation.
If they stop and take a deep breath they will have time to think. They will have time to make sure they recognize the person sending them a link or an attachment before they click on that link or download the file; they will have time to notice that certain key words are misspelled. And perhaps they will think twice before providing any personal information or clicking allow when prompted to share all their contacts. Most importantly, they should report anything that seems suspicious to the appropriate team.
Find more resources that we have put together to help you face COVID-19.