There has been a surge in new cyber scams and breaches since the COVID-19 outbreak began. Cybercriminals have been leveraging the fear caused by this pandemic to breach systems and steal user information. From phishing to malicious apps, this pandemic has posed a massive opportunity for criminals.
Phishing emails and other scams abound, we generally see current event topics show up in phishing emails. COVID-19 however is a truly global crisis impacting billions – people are worried, scared, want to keep safe, keep their family safe, and are losing their jobs and income. These are all things that criminals are using to convince users to click or open something.
Tens of thousands of COVID-19 related domains have been created over the last month and many of these will be used for malicious purposes. These domains will use words like “COVID”, “Corona”, or other pandemic related words, and also try to spoof popular services like Zoom or Office 365, the use of which has ramped up for remote collaboration.
Known phishing emails fall into these basic categories;
- Fake WHO, Canada Health, or CDC emails – “Click link” or “Open attachment for guidelines, cures, updates.”
- Fake organization emails – “Someone at the company was infected, open the attachment for action you need to take.”
- Fake public health or Hospital email – “You’ve come in contact with someone infected.”
- Fake voicemail files
Phishing emails are trying to trick users into opening an attachment or clicking a link with the goal of either installing malware on their computer or capturing credentials they enter into a fake website. Even ransomware has been seen delivered by some of these phishing campaigns.
Criminals are using text-based phishing to lure users into clicking links. The most common scam seen is related to financial assistance, along the lines of, “Click here to claim your COVID-19 relief money.” Additionally, scammers send alerts saying a user has not adhered to isolation rules and will be fined. They then provide a phone number to click, or they provide offers of free protective gear like masks. These links can open fake websites and ask users to provide credentials or banking information. There have been cases where these links lead to malware being in stalled on mobile devices to capture credentials entered directly to your banking app.
Business Email Compromise
These emails spoof high level management like a CEO and ask that a user contact them as they need something done urgently. This tactic has been updated with the excuse that the sender can’t go out because of people testing positive to COVID-19 in their area. Once a user responds, these scammers try to get them to purchase gift cards and send them the info.
Malicious apps are circulating, like fake COVID-19 maps, or apps purporting to identify infected people in an area. The apps then deliver malware to the user’s device once installed. On top of the other malware, in one known case, an Android app, when installed, will lock down a device and request a ransom to unlock it.
Cybercriminals continue to craft new and inventive methods to breach systems, in this case exploiting the current pandemic to gain access to data. As always, it is important to maintain healthy cybersecurity practices, follow security protocols, and stay vigilant to protect yourselves and your organization.