How Hackers are Manipulating Covid-19 Fears for Financial Gain

March 18, 2020 9:55 am Natasha Deeney

Security experts from the National Cyber Security Centre have warned that cybercriminals are using the Covid-19 crisis to target victims with online scams.

In recent weeks, a range of online attacks have been carried out as fraudsters seek to exploit Covid-19 for their own financial gain.

The National Cyber Security Centre advises that it is highly likely that the volume of attacks will rise if the outbreak worsens as phishing presents an attractive technique for cybercriminals to play on people’s emotions during a time of uncertainty.

Last month, the World Health Organisation warned of fraudulent emails sent by criminals posing as the WHO. Recipients were urged to open a document that supposedly contained information about how to stay safe during the outbreak. However, the attachment downloaded malware to the victim’s device which enabled cybercriminals to record keystrokes, access personal and financial information and launch webcam apps.

In an effort to add credibility to the email, the sender included a WHO logo and email signature, as well as a credible subject line and issued the email from a domain that appears to resemble an official World Health Organisation email address.

Centres for Disease Control and Prevention Phishing Scam

In a similar scam, victims receive a bogus email which appears to be from the Centres for Disease Control and Prevention (CDC). The phishing email uses the correct email address for the organisation and aims to provoke fear by claiming the rates of transmission of coronavirus will increase.

As is the case with many phishing scams, recipients are instructed to visit a dupe login page which is set up to harvest their personal details, such as their email and password which can then be sold illegally online.

Research reports nearly 1.5 million phishing sites are created each month and are usually highly targeted, sophisticated and difficult for users to avoid.

Malicious CovidLock App Claims to Track Coronavirus

One of the most recent coronavirus hoaxes is an Android app titled ‘CovidLock’ which claims to provide access to a map that details real-time virus tracking and information, including heatmap visuals and statistics. 

Once installed, the app asks for various permissions which it claims are needed to be able to deliver notifications. However, the app is actually laced with ransomware which can deny the victim access to their phone by forcing a change in the phone’s lock screen password. This is also known as a screen-lock attack and has been seen before on Android ransomware.

The app takes advantage of the fact that people are hungry for information and advice about the spread of coronavirus. The CovidLock app then notifies the user to demand a $100 (approx £80) Bitcoin payment to decrypt data, with the threat that everything will be deleted if payment is not made within 48 hours.

HM Revenue and Customs Coronavirus Scam

With many business owners and taxpayers worried about the impact of corornavirus on their financial situation, individuals in the UK have also been targeted by a Covid-19 themed phishing email which claims to be from HM Revenue and Customs. The email explains that the government has announced a ‘new tax refund programme’ to deal with the outbreak and instructs the victim to click a malicious link to access their funds. 

When the user clicks the link, it directs them to a fake government webpage and encourages the recipient to input all their financial and tax information, including their name, address, phone number, and bank card number. Using this information, cybercriminals can then sell the data, exploit it to break into other accounts, attempt to steal identities or even hold the data ransom.

According to researchers, such attacks have recently become more targeted, with greater numbers focusing on specific sectors like shipping, transport or retail to increase the likelihood of success.

Covid-19 Cyber Safety is in Your Hands

With 90% of all data breaches caused by phishing and 3.4 billion fake emails sent every day, users must remain cautious and vigilant. Educating yourself, your staff, and your end users about phishing can significantly minimise your risk. To stay safe, there are a number of simple ways you can protect yourself from such attacks: 

  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website – Check the site has been secured using HTTPS / Check for a website privacy policy / Use a website safety check tool such as Google Safe Browsing / Do a WHOIS lookup to see who owns the website.
  • Seek information from trusted sources.
  • Pay close attention to the spelling of an email or web address, if there are any inconsistencies, delete immediately.
  • Ignore and delete emails with poor grammar and formatting.
  • Question the validity of any email that asks you to submit personal or financial information.
  • Ignore emails that are threatening or urgent in tone.
  • Install the latest anti-virus software solutions on all your devices.
  • Consider blocking attachments that are commonly associated with malware, such as .dll and .exe, and attachments that cannot be scanned by anti-virus software, such as .zip files.
  • Use strong passwords to reduce the chance of devices being hacked.
  • Consider the use of a password manager to maintain the security of multiple accounts.