March 5, 2020
What's the issue?
Proving without question there is no honour among thieves, cyber threat actors are exploiting the fear and uncertainty related to the current novel coronavirus (COVID-19). The cybersecurity community is seeing an increased number of cyberattacks exploiting the COVID-19 outbreak at a time when people around the world are looking for answers and information to protect themselves. Malicious emails promoting maps on the spread of the virus, fake vaccinations for sale, and prophylactic gear have been identified.
In one example, the Sophos Security Team detected a phishing email campaign that disguised itself as a public service announcement from the World Health Organization (WHO) about COVID-19. The email uses the WHO logo with a brief message concerning "safety measures regarding the spreading of corona virus (sic)" and a button to download a "Safety measures" document. Except for a few spelling and grammatical errors, the email can be mistaken as a legitimate email from the WHO, especially when the focus is on such a critical matter. When the email button is clicked it brings the target victim to a fake landing page that looks like the real WHO page, with a malicious login designed to collect your email password.
More than 4,000 website domains related to this outbreak have been registered since January 1, 2020. 3% to 5% of those sites are confirmed or suspected to be malicious.
The distribution of malicious software trojans such as Emotet and Lokibot have also been reported on novel coronavirus related emails. These trojans are designed to deliver various forms of ransomware and other malicious tools to achieve data theft, extortion or operational disruption.
The FBI Cybercrime Centre, IC3, the Canadian government's Centre for Cyber Security, and the RCMP are aware of coronavirus-themed malicious email attacks and are asking victims to report any successful attacks.
What should I do?
At a time when information about the COVID-19 outbreak is everywhere, friends and family are informing their loved ones and companies are emailing their staff, it is important to watch out for these phishing attacks. Cybercriminals see this as an opportunistic time to attack you.
Be Aware of the Threat
- Do not open any email attachments you are not expecting, do not click on unknown ads or links in emails or on websites that you are unfamiliar with, especially on a topical issue such as this current novel coronavirus related to protective gear such as masks, cures, or spread information
- Be immediately wary when you are asked to give passwords or any information for any reason, other than the known and trusted site they are intended for
- If you receive an email that appears to be from a known or trusted site, do not login by clicking on the email link, but separately access the site by opening a web browser and using a known site address
- Protect your Computer
- Ensure you have a fully patched computer, operating system, office suite, web browser, utility apps like Adobe and Java, and a powerful and up-to-date anti-malware suite
- If it appears you have been attacked by ransomware disconnect your system from your network and the Internet, contact an IT professional immediately for guidance in recovering your files
Know How to Spot Fake Email and Landing Pages
- Note any spelling and grammatical errors
- Watch for button links to non-secure sites (HTTP)
- Observe and separately confirm if a link goes to the real site you are intending to go to
- Suspect pop-ups asking to verify your email, password or other information the site should already know
- Go Only to Known and Verifiable Sources of Information
- Johns Hopkins University Coronavirus COVID-19 Global Cases by the Center for Systems Science and Engineering
- U.S. CDC - Centers for Disease Control
- Government of Canada Public Health Services
Reliable sources of information for the spread and protection from COVID-19:
Note: NPC Safe Computing Webinars
NPC is holding a free webinar on ransomware attacks and protection on March 10th at 1:00 PM EST that will now be updated to include commentary and information related to novel coronavirus phishing attacks. Click here to attend.