With the Coronavirus death toll constantly on the rise, people are becoming more and more panicked. It seems that almost everyone these days is thirsty for any information they can get on how to avoid the deadly virus, creating a tremendous opportunity for cyber attackers to exploit these fears and steal personal information and credentials.
The Coronavirus phishing campaign is the first mass campaign of its kind this year. Attackers are using real information – like CDC and WHO logos, and informational text from their websites – to design convincing emails that will ignite fear and urge victims to press on a phishing link. With the high level of concern around the virus, this is proving to be quite an easy task.
The malicious emails display sender email addresses that look legitimate upon first glance, using cdc-gov.org or cdcgov.org addresses for example. Inside the email, attackers will lure victims to acquire more information, whether it be about outbreaks in their area or recommended safety measures, by pressing a link that leads them to a phishing page.
Photo Cred: Sophos Security Team
The webpage used in this campaign is a fake Microsoft Outlook page, which tricks victims in to entering their email credentials. With these credentials, the attackers can hack their email account, and from there the possibilities are endless.
Kaspersky researchers have also uncovered a campaign that asks victims to donate to the CDC’s public health response to the Coronavirus outbreak, while actually scamming them in to sending money to the attacker’s bitcoin account. Another Coronavirus exploitation vector exposed by Kaspersky shows threat actors using these type of emails to spread malware via a malicious attachment posing as critical information about the virus.
If you receive an email claiming to provide information about the coronavirus, we highly recommend taking security precautions and avoiding opening links or attachments. Instead, visit the official World Health Organization or Center for Disease Control and Prevention websites to view updates and read official, legitimate information.
ThreatSTOP curates hundreds of sources of intelligence to stop these attacks. Ready to try ThreatSTOP in your network? Want an expert-led demo to see how it works?