Pratum Blog

Coronavirus

The Coronavirus has now reached every continent, except Antarctica. There are more than 89,000 cases worldwide, with over 3,000 deaths reported at the time of this article being published. Like any major news event, cyber criminals are finding new ways to use the fear surrounding the infection to attack victims online. These are some the top ways online criminals use Coronavirus in new attacks.

Posing as Health Information

One-way cybercriminals capitalize on a crisis is by posing as large health organizations. One scam discovered recently was a phishing scam claiming to offer safety information regarding Coronavirus. The email appeared to be from the World Health Organization, offering safety measures to help you avoid contracting the Coronavirus. The link in the email takes you to a website, that appears to be the official WHO page. They then ask you to fill out a form of your information.

All of this appears to be legitimate, if you’re not looking closely enough. After you fill out the form on the fake webpage, it will redirect you to the authentic World Health Organization site. You may never realize you had been scammed until someone starts using the information you provided for malicious attacks.

There have been other scams reported where simply clinking on a link within the email will add malware to your device.

Asking for Donations

Another method used by criminals to get your information is by preying on people’s good nature. When there’s a crisis, people like to help out. That’s why some scammers are creating fake charities, claiming to help victims of Coronavirus.

Some of these reported email scams will title their message “Urgent”, asking for quick action to help those in need. That sense of urgency often distracts people from the fact the link they’re asked to donate to has a suspicious URL.

Just like the with the phishing emails, these can be dangerous in a few ways. They can actually achieve receiving a donation from you, or they may install malware from the link provided.

Spreading Fake Awareness

In Japan, one scam campaign that has been very popular is an email targeting people who are looking for information on the Coronavirus. These messages will claim to come from a health organization, such as the Centers for Disease Control, and will provide a document telling you where the virus has been located near you. When opened, that document has been reportedly downloading a well-known malware type called Emotet.

Another popular scam has been websites claiming to sell Coronavirus vaccinations. These websites will typically have the word “Coronavirus” in the domain name. There have been no successful vaccinations against this strain of virus, so any website claiming to sell a cure is a scam.

Advice to Avoid Scams

While information, or even a cure, to the Coronavirus is very tempting for people in fear right now, there are ways to make sure you get reliable information.

  • Before opening an email, make sure you recognize the sender.
  • Hover your mouse over links before clicking them. You should be able to see where the link is actually taking you before you click on it.
  • If a link has a suspicious domain, just avoid it. Things like HXX instead of HTTP at the beginning are red flaps.
  • Search for the legitimate website instead of clicking a link. If you get an email from CDC or WHO , just do a quick search for those sites first.
  • Don’t give your personal information to anyone who raises suspicion.
  • Slow down! Criminals use urgency to prey on victims and cause people to act without thinking clearly.

While many people are concerned about the physical threats of the Coronavirus, the potential for a cyber-attack is also important to keep an eye on. If you do witness or fall victim to a Coronavirus cyber threat, be sure to contact the FBI Internet Crime Complaint Center:

(References: https://nakedsecurity.sophos.com/2020/02/05/coronavirus-safety-measures-email-is-a-phishing-scam/
https://blog.malwarebytes.com/social-engineering/2020/02/battling-online-coronavirus-scams-with-facts/)
https://www.reuters.com/article/us-amazon-data-security/amazon-error-allowed-alexa-user-to-eavesdrop-on-another-home-idUSKCN1OJ15J)
https://blog.checkpoint.com/2020/02/13/january-2020s-most-wanted-malware-coronavirus-themed-spam-spreads-malicious-emotet-malware/)
https://www.vice.com/en_us/article/n7jdxw/hackers-are-using-the-coronavirus-panic-to-spread-malware/
https://www.who.int/about/communications/cyber-security/
https://www.ic3.gov/complaint/default.aspx/)

Get our blog posts delivered to your inbox:

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.