As Coronavirus (COVID-19) spreads, individuals are doing their best to stay up-to-date on the latest news regarding the outbreak. Hackers have created new attacks based on the public interest in this virus. Through our security vendors and partners, Partek has received up to date information on attack vectors that attackers are using in the latest string of phishing and fraudulent attacks. One of the most common attacks is an email impersonation attack. In this attack, the criminal impersonates organizations like the UN World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC) to trick users into opening a malicious email. Multiple government organizations have issued warnings against these attacks.
This is not an unusual tactic for hackers, as email scams historically usually follow the headlines. Hackers typically try to monetize on tragedies like hurricanes and other disasters. Most of these scams are designed to do some variation of the following:
The current pandemic has given scammers all those opportunities and more:
Email scammers will continue to find new ways to take advantage of the Coronavirus COVID-19 pandemic. There has been a significant surge in the registration of new domains that use the word ‘coronavirus.’ Some of these will be put to a good use, but many will be used by hackers for malicious purposes. These malicious websites might appear to offer news or advice on coronavirus outbreak but are being used for phishing or to spread malware. Email impersonation scams often include links to this type of site.
Over the past few weeks, our partner, Barracuda Networks, has seen a number of attacks impersonating the World Health Organization. These phishing emails appear to come from WHO with information on COVID-19. They often use domain spoofing tactics to trick users into thinking these messages are legitimate. These email impersonation attacks will include a link in the body of the email. Users who click on that link are taken to a newly registered phishing website:
As a preventative measure against the spread of Coronavirus, many organizations are asking employees to work remotely from home until further notice. These remote workers may rely on email for communication, as well as updates on workplace issues related to the outbreak. This puts users in a state of expectation for email messages from HR or upper management on the subject of the virus. This expectation creates an increased risk for the company because the user is more likely to accidentally open a malicious email if they are expecting a similar legitimate message. These factors, combined with the diminished ability to confirm the legitimacy of an email due to remote working is a perfect environment for email scams.
There are several ways to protect your company and employees from email scams, and they are based on employee education and security technology:
