Coronavirus Phishing Scams: Malware as Infectious as the Virus Itself
By Andy Wilkinson, Security Consultant at i-confidential
The novel coronavirus, or COVID-19, understandably dominates news headlines worldwide. This coverage, however, has created the opportunity for a different type of danger – coronavirus phishing scams. Put simply, phishing is a method of using deceptive means to gather personal information, such as bank details, or to infect a device with malware or viruses.
A recent report, from security firm Check Point, found that all coronavirus-related websites created in January and February of this year are 50% more likely to be malicious than other websites created during this period. According to the same report, there have been over 4,000 coronavirus-related domains registered worldwide. Of these, 3% were classified as malicious, and 5% as suspicious. This may not sound high, but it means that approximately 320 websites are currently on the internet with the sole intent of exploiting the public’s genuine concerns.
A number of phishing campaigns are using fake domain names to try and impersonate government health organisations, such as the U.S. Centers for Disease Control (CDC) and the World Health Organisation (WHO). A number of websites also claim to be selling ‘vaccines’ for the coronavirus and offer a heat map of the global infection. These websites, however, are simply a way for cyber criminals to spy on your activity and steal personal information.
Another method being used by cyber criminals is sending emails from addresses which closely resemble those of the WHO and other government bodies. These emails generally guide the recipient to download a document or open a website, both of which install malware and steal personal information.
The domains used for these emails are highly convincing, and it is not easy to spot the difference. An example of this is a recent campaign sending emails from cdc-gov.org, claiming that the CDC has, “established a management system to coordinate a domestic and international public health response.” The email urges the recipient to open a link to a page containing details of new coronavirus cases in the local area. A subsequent page asks for an email address and password to access the site.
As expected, the site is fake, and simply steals the user’s credentials. The domain used in this scam, cdc-gov.org, appears to have official signatures and other seemingly genuine information, but the CDC’s actual domain is cdc.gov – pretty close, right?
Ever since cyber-crime and phishing began, criminals have always taken advantage of human emotion and ‘hot topics’ to steal personal information. But it’s not all bad news. Simply being aware of phishing and other cyber scams is the first step in outsmarting the crooks.
Below are some basic steps you can take to ensure you don’t become a victim of coronavirus phishing scams. Stay safe out there!
Look at the email address, not just the sender – display names can be created which are completely different from the actual address, making it easy for criminals to appear legitimate.
Review address details – ensure that domain names are correctly spelled and exactly match the official domain of the expected sender. If unsure, do a quick web search to check the official contact details of the organisation.
Check attachments and links before opening – hover your mouse over any links to check that they will actually direct you to the expected destination address. Don’t open an attachment unless you are sure it is safe.
Never provide sensitive details over email – it is highly unlikely that a legitimate company would ask for personal information to be sent this way.
Install anti-virus software – this is the first line of defence for protecting your device. Most modern anti-virus apps include browser add-ons which will check website addresses, scan attachments, and warn you or block suspicious websites before you open them.