COVID-19 Email Scams + Malware Are Spreading!

As the COVID-19 coronavirus spreads across the world, so are COVID-19 email scams and malware!

Tatyana Shcherbakova tells us what she and her team discovered!

 

Warning : COVID-19 Email Scams Are Spreading!

As the COVID-19 coronavirus spreads, fake information is being created and distributed at a very high rate, confusing people all over the world.

Cybercriminals are taking advantage of the confusion, creating various email scams, with some realistic ones pretending to be from the WHO.

Warning : WHO COVID-19 Email Scams Are Spreading!

Tatyana Shcherbakova, a senior web content analyst, details how her team looked at the COVID-19 email scams, and came across the realistic ones from WHO…

 

WHO Is Warning You? These Are COVID-19 Email Scams!

At first, we found emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. We also found scam emails with phishing links and malicious attachments.

One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.

Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid a COVID-19 infection.

Warning : WHO COVID-19 Email Scams Are Spreading!

Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.

Warning : WHO COVID-19 Email Scams Are Spreading!

This scam looks more realistic than other examples we have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.

In order to stay safe, we advise users to carefully study the content of the emails they receive and only trust reliable sources.

If you are promised a vaccine for the virus or some magic protective measures, or content of the email is making you worried, it has most likely come from cybercriminals.

Fake COVID-19 cures

This is especially true if the sender suggests clicking on a link and sharing your personal data or opening an attachment.

You should not donate any real money or trust information with promises to help those affected by the virus, even if the email comes from someone who introduces themselves as an employee of a trusted organization.

Finally, double check the email address, as scammers often use free email services or addresses that have no relation to the organization mentioned.

 

Malware Masked As COVID-19 Coronavirus Documents!

They also found malicious files disguised as documents related to the COVID-19 coronavirus. The malicious files were masked under the guise of pdf, mp4 and docx files about the COVID-19 coronavirus.

The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case.

In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.

Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was in fact a Trojan-Downloader, which secretly downloads and installs another malicious file.

COVID-19 malware infected Excel file

This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.

 

COVID-19 Email Scams + Malware : How To Avoid

As governments and businesses are forced by the COVID-19 coronavirus to encourage their employees to work from home, it is critical that they employ these cybersecurity practices to reduce risk of falling for phishing attacks, or malware :

  • Provide a VPN for staff to connect securely to the corporate network
  • All corporate devices – including mobiles and laptops – should be protected with security software
  • The operating system and apps should be updated with the latest patches
  • Restrict the access rights of people connecting to the corporate network
  • Ensure that the staff are aware of the dangers of unsolicited messages

 

Recommended Reading

Go Back To > Cybersecurity | Business | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Comments

comments

About The Author

Leave a Reply