Fri, April 3, 2020

Update: Know These Covid-19 Spear-phishing Tactics

As the world discovers how to handle COVID-19, spear-phishing attackers are taking advantage of the fear and uncertainty. There has been a steady increase in the number of COVID-19 spear-phishing attacks since January, but a recent spike in this type of attack shows a 667% increase since the end of February. Between March 1 and March 23, there were 9,116 spear-phishing attacks related to COVID-19 in comparison, a total of 1,188 detected in February, and just 137 in January.

Please make yourself and all employees aware of the following examples. These are common phishing tactics we see regularly; however, a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users and capitalize on the fear and uncertainty of their intended victims.

Many of the scams are selling cures, face masks, or asking for investments in fake companies selling coronavirus cures or developing vaccines. Scams are also in the form of donation requests for fake charities – another popular phishing method. An example is one system claims to be from the World Health Community, which doesn’t exist but they are trying to take advantage of the similarity to the World Health Organization and asks for donations to a Bitcoin wallet provided in the email.

A variety of common malware is being distributed through coronavirus-related phishing. The first malware reported utilizing coronavirus was from a disability welfare provider. The phishing emails contained a document when downloaded it installed malware. Another modular malware, which often aims to steal login credentials and data and has been distributed in at least two different coronavirus-related phishing campaigns. One uses an apology for the delay in sending the invoice due to coronavirus. The other campaign claimed to be a news update and “the one thing you must do,” which contained a link to the malware.

Credential Theft
In addition to widespread credential harvesting from information-stealing malware, phishing attacks with links are spoofing login pages and also using coronavirus COVID-19 as a lure. One such variant claims to be from the CDC and attempts to steal Microsoft Exchange credentials when the malicious link is clicked. Other login pages are more generic or offer multiple options for the provider, spoofing each provider login page. Attackers are simply changing to the existing credential phishing email premise to capitalize on coronavirus.

Here are five ways to help you protect your business from information theft:

1. Be wary of any emails attempting to get users to open attachments or click links. Anti-malware and anti-phishing solutions can be especially helpful in preventing malicious emails.

2. Watch out for any communications claiming to be from sources you usually would not receive emails. Receiving coronavirus-related emails from legitimate distribution lists is now standard, however, emails from organizations you do not typically receive messages from should be scrutinized very closely. Even if it claims to be from a source such as the CDC.

3. Still proceed cautiously with emails from organizations where you do share communications. Brand impersonation is quite prevalent in coronavirus-related email attacks. Use caution opening all coronavirus-related emails, even those you communicate with regularly.

4. Find credible charities and donate directly. A common tactic for coronavirus-related scams is asking for donations to help those affected by the pandemic. To avoid falling victim to one of these attacks, don’t respond to email requests for donations. Bitcoin requests should also be a red flag. Find credible charities and donate directly through them to ensure funds end up in the right hands.

5. Make sure your Cybersecurity protects you during these attacks by providing Real-Time, 0-Day Updates for Threat Protection. Be aware not all security is the same and new threats are continually emerging and compromising business data daily, if not hourly.

If you have any further questions, concerns, or would like to upgrade your cybersecurity to protect from these types of emails, we can help. Reach out to us at 502.267.2552.

Call Now Button