The COVID-19 crisis is the chance for hackers to attack, following the stress of people and their need to find answers and solutions. That is why, it has been reported that email scams linked to coronavirus have increased dramatically.
BBC reports that email scams are rapidly increasing being a severe threat to those unaware of the risks. Therefore, they present five campaigns that use phishing email, with language written in English, French, Italian, Japanese, and Turkish.
#1 Click here for a cure
It is reported that researchers from Proofpoint cyber security team noticed a strange email sent to customers in February which was sent from a mysterious doctor claiming to have details about a vaccine being covered up by the Chinese and UK governments.
The company then added that those clicking on the email were taken to a spoof webpage designed to harvest login details. It says up to 200,000 of the emails are being sent at a time, adding that three to four variations are launched each day.
Therefore, it is advised that the best way to see where a link will take you is to hover your mouse cursor over it to reveal the true web address. If it looks dodgy, don’t click.
#2 Covid-19 tax refund
Researchers at cyber-security firm Mimecast flagged this scam a few weeks ago, when on the morning they detected it, they saw more than 200 examples in just a few hours.
By clicking on the “access your funds now” it would take you to a fake government webpage, encouraging them to input all their financial and tax information.
In light of this, Carl Wearn, head of e-crime at Mimecast recommends “Do not respond to any electronic communication in relation to monies via email … And certainly do not click on any links in any related message. This is not how HMRC would advise you of a potential tax refund.”
#3 Little measure that saves
It is stated that hackers pretended to represent the World Health Organization (WHO) claiming that an attached document details how recipients can prevent the disease’s spread.
Proofpoint added that the attachment doesn’t provide any useful advice, but infects computers with malicious software called AgentTesla Keylogger. Also, they inform this records every keystroke and sends it to the attackers, a tactic that allows them to monitor their victims’ every move online.
Consequently, BBC recommends that to avoid this scam, be wary of emails claiming to be from WHO, as they are probably fake. Instead visit its official website or social media channels for the latest advice.
#4 The virus is now airborne
The subject line reads: Covid-19 – now airborne, increased community transmission.
They note that it is designed to look like it’s from the Centres for Disease Control and Prevention (CDC). It uses one of the organisation’s legitimate email addresses, but has in fact been sent via a spoofing tool.
Cofense, the cyber-defence provider, first detected the scam and describes it as an example of hackers “weaponising fear and panic”. It says the link directs victims to a fake Microsoft login page, where people are encouraged to enter their email and password. Then victims are redirected to the real CDC advice page, making it seem even more authentic. Of course, the hackers now have control of the email account.
One way to protect yourself is to enable two-factor authentication, so that you have to enter a code texted or otherwise provided to you, to access your email account.
#5 Donate here to help the fight
BBC informs that this case was reported to malware experts Kaspersky. The fake CDC email asks for donations to develop a vaccine, and requests payments be made in the cryptocurrency Bitcoin.
The premise is of course ridiculous, but the email address and signature look convincing. Kaspersky says it has detected more 513 different files with coronavirus in their title, which contain malware.
In the meantime, David Emm, principal security researcher at the firm, commented thay
We expect the numbers to grow, of course, as the real virus continues to spread.
