NPC Security Alerts
Cybercriminals Exploiting the Current Coronavirus Outbreak with Malicious Health Advisory Email

March 5, 2020

What's the issue?

Proving without question there is no honour among thieves, cyber threat actors are exploiting the fear and uncertainty related to the current novel coronavirus (COVID-19). The cybersecurity community is seeing an increased number of cyberattacks exploiting the COVID-19 outbreak at a time when people around the world are looking for answers and information to protect themselves. Malicious emails promoting maps on the spread of the virus, fake vaccinations for sale, and prophylactic gear have been identified.

In one example, the Sophos Security Team detected a phishing email campaign that disguised itself as a public service announcement from the World Health Organization (WHO) about COVID-19. The email uses the WHO logo with a brief message concerning "safety measures regarding the spreading of corona virus (sic)" and a button to download a "Safety measures" document. Except for a few spelling and grammatical errors, the email can be mistaken as a legitimate email from the WHO, especially when the focus is on such a critical matter. When the email button is clicked it brings the target victim to a fake landing page that looks like the real WHO page, with a malicious login designed to collect your email password.

More than 4,000 website domains related to this outbreak have been registered since January 1, 2020. 3% to 5% of those sites are confirmed or suspected to be malicious.

The distribution of malicious software trojans such as Emotet and Lokibot have also been reported on novel coronavirus related emails. These trojans are designed to deliver various forms of ransomware and other malicious tools to achieve data theft, extortion or operational disruption.

The FBI Cybercrime Centre, IC3, the Canadian government's Centre for Cyber Security, and the RCMP are aware of coronavirus-themed malicious email attacks and are asking victims to report any successful attacks.

What should I do?

At a time when information about the COVID-19 outbreak is everywhere, friends and family are informing their loved ones and companies are emailing their staff, it is important to watch out for these phishing attacks. Cybercriminals see this as an opportunistic time to attack you.

    Be Aware of the Threat
  • Do not open any email attachments you are not expecting, do not click on unknown ads or links in emails or on websites that you are unfamiliar with, especially on a topical issue such as this current novel coronavirus related to protective gear such as masks, cures, or spread information
  • Be immediately wary when you are asked to give passwords or any information for any reason, other than the known and trusted site they are intended for
  • If you receive an email that appears to be from a known or trusted site, do not login by clicking on the email link, but separately access the site by opening a web browser and using a known site address
    Protect your Computer
  • Ensure you have a fully patched computer, operating system, office suite, web browser, utility apps like Adobe and Java, and a powerful and up-to-date anti-malware suite
  • If it appears you have been attacked by ransomware disconnect your system from your network and the Internet, contact an IT professional immediately for guidance in recovering your files
    Know How to Spot Fake Email and Landing Pages
  • Note any spelling and grammatical errors
  • Watch for button links to non-secure sites (HTTP)
  • Observe and separately confirm if a link goes to the real site you are intending to go to
  • Suspect pop-ups asking to verify your email, password or other information the site should already know

Note: NPC Safe Computing Webinars

NPC is holding a free webinar on ransomware attacks and protection on March 10th at 1:00 PM EST that will now be updated to include commentary and information related to novel coronavirus phishing attacks. Click here to attend.


CheckPoint - Update: Coronavirus-themed domains 50% more likely to be malicious than other domains

Digital Trends - Online dashboard tracks the spread of coronavirus cases globally

FBI - Cyber Crime - Coronavirus-themed emails used by cybercriminals to spread malware, report says

IBM - IBM X-Force Threat Management

KnowBe4 - [Heads-up] The World Health Organization Warns of New Coronavirus Phishing Attacks. Inoculate Your Employees!

Naked Security by Sophos - Coronavirus "safety measures" email is a phishing scam

NPC files.

NPC Security Alerts

Receive our NPC Security Alerts email to stay on top of the most important security threats to your devices, data, and your privacy. We do not use this list for any other purpose.

Sign up now