Scam of the Week: Massive Spike in Coronavirus Phishing Emails

February 7, 2020 10:19 am Geraldine Strawbridge

Fraudsters are exploiting the public’s fear of the coronavirus outbreak by launching a range of devious phishing emails aimed at delivering malware.

In recent weeks, the World Health Organization (WHO) has declared the spread of coronavirus a global health emergency. 636 people have died in China, and the virus has now spread to over 24 countries around the world.

Due to the fluidity of the situation, new updates are being issued all the time on global infection rates, travel information and general advice on how to minimise the spread of infection. Cybercriminals have been quick to take advantage of the public’s thirst for knowledge, and use it as bait to reel their victims in.

In one phishing email used to target US and UK individuals, the user is asked to “go through the attached document on safety measures regarding the spreading of coronavirus.” Of course, the attached PDF contains no such advice, and if the user downloads the malicious document, they will infect their device with malware.

Coronavirus Phishing Email (Source: Wired)

In another example, security researchers at Kaspersky noted a spike in phishing emails containing malicious files. The emails contained pdf, mp4 and docx files, and implied they were providing advice on how to detect and prevent the virus. In reality, they contained Trojans and worms used to destroy systems and steal sensitive data.

The coronavirus has also been used as a hook to distribute the destructive Emotet Malware. Emotet’s developers are continually finding new ways to hide and distribute their malicious payload, as we detailed in last week’s ‘scam of the week’.

In this particular case, IBM X-Force researchers uncovered an Emotet campaign specifically targeting users in Japan. The phishing emails appear to come from a Japanese disability welfare service provider and warn users about a new strain of the virus that has been detected in their local area.

To find out how to obtain face masks and learn more about other preventative measures, the user is prompted to open an attached Word document. As soon as this is opened, it enables macros that start the infection process. Once infected, the user’s data can be stolen, and the device can be used to launch further attacks.

Malicious Coronavirus Word Document (Source: IBM)

High-profile events or trending news stories are frequently used by opportunistic criminals as a way of spreading phishing emails and malicious files. We’ve seen this with the recent bushfires in Australia and the collapse of travel firm Thomas Cook.

By preying on basic human emotions, the crooks can successfully trick individuals into opening malicious emails that they would normally treat with more caution. This psychological manipulation will often result in a higher open rate, netting the criminals an even bigger profit than a run-of-the-mill phishing campaign.

How to Protect Yourself from Phishing Scams

  • Never click on links or download attachments from unknown sources.
  • Always verify the security of a website: check the site has been secured using HTTPS, check for a website privacy policy, use a website safety check tool such as Google Safe Browsing, and do a WHOIS lookup to see who owns the website.
  • Pay close attention to the spelling of an email or web address. If there are any inconsistencies, delete the email immediately.
  • Ignore and delete emails with poor grammar and formatting.
  • Question the validity of any email that asks you to submit personal or financial information.
  • Ignore emails that are threatening or urgent in tone.
  • Install the latest anti-virus software solutions on all your devices.
  • Consider blocking attachments that are commonly associated with malware, such as .dll and .exe, and attachments that cannot be scanned by anti-virus software, such as .zip files.
  • Use strong passwords to reduce the chance of devices being hacked.
  • Consider the use of a password manager to maintain the security of multiple accounts.
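The attachment-blocking advice above, together with the macro-laden Word attachment described earlier, can be turned into a mail-gateway check. The following is an added example, not code from the article or from any vendor it names; the verdict strings, function names and sample message are constructed for illustration, and the macro test only covers Office Open XML files (zip containers such as .docx), not legacy .doc files.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy for this example, built from the extensions the article names.
EXT_VERDICT = {".dll": "block: executable type", ".exe": "block: executable type",
               ".zip": "block: archive cannot be scanned"}
OOXML = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}

def has_vba_project(data: bytes) -> bool:
    """True if an Office Open XML (zip) file carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a zip container, so no OOXML macro part to find

def check_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, verdict) for each attachment of a raw message."""
    results = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if ext in EXT_VERDICT:
            verdict = EXT_VERDICT[ext]
        elif ext in OOXML and has_vba_project(data):
            verdict = "quarantine: Office document contains macros"
        else:
            verdict = "allow"
        results.append((name, verdict))
    return results

def build_sample() -> bytes:
    """Constructed message: a macro-bearing .docx, an .exe and a .txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"constructed placeholder, not VBA")
    msg = EmailMessage()
    msg.set_content("Please go through the attached document.")
    for name, data in (("advice.docx", buf.getvalue()), ("mask.exe", b"MZ"), ("notes.txt", b"hi")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(*check_attachments(build_sample()), sep="\n")
```

Filename extensions are sender-controlled, so a check like this complements content scanning rather than replacing it.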

Identifying a phishing email has become a lot harder than it used to be as criminals have become more advanced and deceptive in their attack methods. MetaPhish provides a powerful defence against phishing and ransomware attacks by training employees on how to identify and respond appropriately to these threats. Contact us for further information on how we can help protect your business.