Cybersecurity Snapshots #4 - Cybercriminals Are Capitalizing on Coronavirus Panic

Cybersecurity Snapshots #4 -

Cybercriminals Are Capitalizing on Coronavirus Panic

As the coronavirus (COVID-19) spread increases in intensity around the United States and the world, adversaries are using the fear people have about the spread of the coronavirus to their advantage and are putting out scams related to the virus. The World Health Organization (WHO), Federal Trade Commission (FTC), Securities and Exchange Commission (SEC), and the Better Business Bureau have all issued warnings because of the increase in the number of criminal scams that are tied to the coronavirus. According to researchers at Reuters, since February, victims in the United Kingdom have lost more than £800,000 ($1,000,000) to coronavirus-linked scams.

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a document that provides risk management actions that executives should take to help the address physical issues, supply chain issues, and cybersecurity issues that are arising because of the spread of the coronavirus.

The World Health Organization (WHO) is warning people that criminals are taking advantage of the spread of COVID-19 to try to steal money or sensitive information from users. Adversaries have been posing as WHO representatives through phishing emails, websites, phone calls, text messages, and fax messages. WHO says one should be cautious if the adversary ever asks for login information, sends an attachment in an email that is directing the user anywhere other than www.who.int, and if the adversary is asking for direct donations to the emergency response plans or funding appeals—none of those are valid.

Adversaries are also using the coronavirus to spread malware. In January and February of this year, there was a malware spreading campaign that targeted Japan. The malware that was distributed was Emotet. Emotet is a self-propagating, advanced, and modular Trojan. Emotet was sent through a malicious email attachment that was pretending to be sent by a Japanese disability welfare service provider.

Since the coronavirus outbreak, there has been a noticeable number of new websites with a registered domain name related to the virus. Many of the new domains are being used for phishing attempts. Many of the websites claim to sell face masks, vaccines, and home tests that can detect the virus. Once you put in your shipping information and payment information on these sites, then your personal information and payment information is given to the adversaries, and you never receive the supplies you ordered. The National Fraud Intelligence Bureau (NFIB) has had 21 reports of fraud since February 10th, with many involving the sales of masks. The individuals buy the masks on fake websites but do not receive the product. One person spent over £15,000 ($17,506) for masks and never received them. An example of such a website is vaccinecovid-19\.com, which was created on February 11, 2020. The website was registered in Russia, and the website is insecure. The website proclaims that they sell “the best and fastest test for coronavirus detection at the fantastic price of the equivalent of $300. Some of the websites do ship you a product, but it is a fake version of the product. For example, China alone has seized over 31 million fake face masks that were being sold to people from fake websites. Some of these websites are also spreading fake news and promoting bogus cures, including nasal sprays, necklaces, and even bleach drinks. The sale of fake products and the spread of fake news through these fake websites about the coronavirus, can lead to more people being affected by the coronavirus and even dying from it.

As with other scams and phishing attempts, people should be on the lookout for lookalike domains, spelling errors in emails or websites, emails from unfamiliar email senders, and avoid clicking on links provided in emails from unknown senders.