Phishing campaigns exploiting concern about COVID-19 are mounting. These scams capitalise on fear and uncertainty to lure users into downloading apps or clicking links that lead to phishing websites and, in some cases, to malware or ransomware downloads.
COVID-19 Government Relief Initiative Scams
As governments worldwide pass legislation to provide relief funds for citizens and businesses financially impacted by the pandemic, cybercriminals have stepped up phishing campaigns that imitate government correspondence about those funds and initiatives, with the aim of harvesting recipients' credentials. For example, one email campaign claims to be sent by a major Australian newspaper and uses subject lines such as "Government announces increased tax benefits in response to the Coronavirus." The messages carry a .PDF attachment with an embedded URL that leads to a OneDrive-themed credential phishing page; the PDF itself contains no exploit, its only job is to get the link past email filters that inspect message bodies but not attachment contents.
Coronavirus Tracking App Ransomware
Malicious actors are also targeting mobile devices, distributing COVID-19 themed apps booby-trapped with ransomware. One such app is CovidLock, ransomware disguised as a coronavirus tracking app that locks the victim's phone screen until a ransom is paid. This is particularly pertinent as countries, including Australia, are planning or have already rolled out phone apps to help trace COVID-19 cases and contacts: a user who expects to install an official tracking app is an easy target for a counterfeit one. Ensuring that constituents receive the correct information, including where the official app is published and what permissions it legitimately needs, is key.
Imitation of Official Health Organisations
Cybercriminals are seeking to exploit the legitimacy of official international and domestic health organisations with a range of phishing lures. Organisations such as the World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC) have been impersonated by criminals in multiple incidents.
In February, the WHO warned that cybercriminals were using its logos and other details copied from its websites to create more realistic-looking phishing emails. The emails direct victims to a fake landing page containing a popup that asks users to "verify" the username and password associated with their email address. Anything entered into that popup is sent straight to the attackers; the page has no connection to the WHO beyond the borrowed branding.
Advice: These lures show that verifying the source of an email, a link or an app before acting on it is critical. In practice that means checking the real destination domain of a link rather than its displayed text or the branding on the page, treating any page that asks you to "verify" email credentials as hostile until proven otherwise, and installing COVID-19 related apps only from the official app stores and the publisher your government has named. Your organisation must maintain visibility of the rapidly evolving risks associated with COVID-19 and understand how it will identify and respond to them. Frequent and accurate information should be disseminated to your staff so that they stay aware of these risks and know how to report and manage them should they manifest.