

COVID-19 Scams Run Rampant

With the coronavirus in the news and weighing heavily on the minds of just about everyone, cyber attackers are taking advantage of people’s fears in a multitude of ways. Warnings have been issued from almost every federal agency imaginable. We have compiled an overview of some of the more widespread threat campaigns being deployed.

Phishing and malware emails top 18 million in one week

Google reported more than 18 million daily malware and phishing emails related to COVID-19 in just a single week, on top of the more than 240 million daily spam messages coming through Google mail that are related to the coronavirus. According to Google, the phishing scams use both fear and promises of financial gain to create urgency and prompt users to respond.


FBI releases report on Covid-19 related scams

In order to educate American citizens, the FBI released statements on the types of attacks they are seeing. One of the most common fraud schemes that the FBI is reporting is people impersonating government entities. Criminals are not only using electronic communications to carry out their nefarious agenda, but some have even been seen going door-to-door trying to solicit money from people claiming that the donations will go to COVID testing, financial relief, medical testing … some are even attempting to sell fake cures. The FBI also reports that a number of individuals are going door-to-door claiming that, for a fee, they will perform a test on all residents of a house. They can be very convincing, wearing everything from fake uniforms to actual hazmat suits.

Scam websites stealing credit card information

A great number of malicious sites have been generated to steal data or money from unsuspecting victims. One example is a website named “Coronavirus Finder” which claims to have locations of people that have tested positive for Covid-19 and, for a fee, will provide locations near the victim. In reality, this site is owned by the same cybercriminal group that is behind Ginp, a successful banking trojan. When a victim enters their credit card info, nothing happens on the site. Instead, the information goes directly to the criminals and is entered into their systems to drain any account related to that credit card number.

Another site plays on social distancing, claiming that Netflix is providing free subscriptions to affected people. The link provided is https://Netflix-usa[.]net/?free-isolation-period. As you can see, the domain is not the authentic netflix[.]com. This site asks users to answer some personal questions and share the site with 10 friends to gain additional information for what is speculated to be a targeted phishing campaign.
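The by-eye comparison of the link's domain with the authentic one can be automated, for example in a mail filter or link checker. The Python below is an added example, not part of the original article; the `BRANDS` table and the function names are assumptions made for illustration, and it generalizes slightly by also handling defanged URLs as written in threat reports.

```python
from urllib.parse import urlsplit

# Assumption for this example: brand keyword -> the domain the brand really uses.
BRANDS = {"netflix": "netflix.com"}


def refang(url: str) -> str:
    """Undo the defanging used in threat reports ([.] and hxxp)."""
    url = url.replace("[.]", ".").replace("(.)", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def hostname(url: str) -> str:
    """Return the lower-cased host of a URL or bare domain."""
    url = refang(url.strip())
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare host as the netloc
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a link.

    A host is legitimate only if it is the brand's domain or a subdomain
    of it. A host that merely contains the brand keyword (netflix-usa.net,
    or the brand domain used as a prefix of another domain) is a lookalike.
    Homoglyph and punycode lookalikes are outside this simple check.
    """
    host = hostname(url)
    for brand, real in BRANDS.items():
        if host == real or host.endswith("." + real):
            return "legitimate"
        if brand in host:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # First link is the one quoted in the article; the others are constructed.
    for link in ("https://Netflix-usa[.]net/?free-isolation-period",
                 "https://www.netflix.com/login",
                 "hxxps://netflix.com.account-check[.]example/"):
        print(f"{classify(link):10}  {link}")
```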

Other bizarre Covid-19 related scams

One of the more bizarre findings on the Darkweb is a seller that claims to be a “laboratory doctor in Spanish public health” who is selling blood samples and sputum of positively-infected patients for $100 each. Lastly, someone is selling an MP3 file containing a “pure frequency” that supposedly can kill the coronavirus if listened to 3-6 times a day.

Cybercriminals preying on our fears

These scams and so many others are engineered to play on the fears of the public. The attackers behind them spend a large amount of time and energy capitalizing on whatever major news stories are popular in order to trick people into clicking malicious links or downloading files to spread whatever malware they have crafted.


To avoid falling for these scams, here are a few tips:

  • Individuals and organizations are strongly advised never to purchase anything from the Darkweb, as the buyer has no idea if the item is going to be sent, where it is coming from, or what it contains.
  • Standard cybersecurity practices apply to avoiding electronic phishing attempts. If the recipient does not recognize the sender, then the email should be treated as suspicious. If the email is opened, then do not download anything or click any link that the email contains until the sender can be verified.
  • If someone is going door-to-door, do not open the door unless they can provide some sort of legitimate identification that can verify their identity. And of course, the old adage holds true here: if it seems too good to be true, it probably is.
