Cyber criminals are taking advantage of the COVID-19 coronavirus epidemic to spread infection to the computers in order to steal money or sensitive information.
The hackers are sending phishing mails about the outbreak which appear to be from business partners or public institutions. They make the receivers open the messages and infecting their system with malware.
The cybersecurity firm Proofpoint Inc. stated that since the end of January the total number of malicious emails mentioning the coronavirus has increased significantly. The security firm which is monitoring the activity assigned an analyst to track coronavirus threats. Proofpoint’s senior director, Sherrod DeGrippo said that they haven’t done such a thing for any other earlier hacking campaigns related to disasters or major public events.
Now everyday, the analysts see multiple email campaigns mentioning the coronavirus. Usually, natural disasters are very localized.
The lack of information about the plague together with plenty of conflicting claims gives an opening for criminals.
The email was made to look like a company’s purchase order for some products, thereby tricking an employee into making payments to a fraudulent account.
The cybersecurity company Kaspersky Lab stated that they had detected 403 of its security products users affected with 2,673 coronavirus-related files. It is not known how the malware entered onto the devices.
The first group that began to be targeted were the Japanese residents who received emails pretending to be from regional health-care facilities. The messages contained legitimate contact information for key personnel as well.
According to IBM that were tracking the scams, these email targeted mainly the enterprise users, and they received messages like a reply to an earlier message or a warning that people are getting from the government.
Attackers have sent emails about different types of malware. They hackers found that mentioning the coronavirus are much more creative and sophisticated than typical spam.
The companies in the transportation sector even received mails claiming to be from a World Health Organization employee. It contained a WHO logo and instructions about how to monitor crews aboard ships for coronavirus symptoms, and also had an attachment with instructions.
The WHO also published a warning about coronavirus email scams on its website and asked victims to report if they receive such emails.
Ms. DeGrippo stated that social engineering based on fear is far more effective. Since most of the companies and municipal authorities depend on emails to communicate policies regarding the outbreak and their plans for handling people who may have been exposed, phishing becomes an effective method for such crisis.
All users are highly recommended to be vigilant and check properly if you receive any suspicious mails. Avoid clicking any links in the emails and do not download the attachments.