In another COVID-19 scam, the email security firm Inky has found emails that are impersonating President Trump and Vice President Mike Pence. The emails state that they are the latest “Coronavirus Guidelines for America” and prompts the recipient to click a link that takes the user to a webpage that impersonates the White House and contains a link to “download and read the full document.” The downloaded file contains a malicious Word document that then prompts the user to “Enable Editing” and “Enable Content” to view it. Once those are enabled, malicious macros will launch and install malware onto the recipient’s computer. Even though the site pushing the malware has been taken down, it is unclear as to how many people have received the link or what malware strain was being used.
Analyst Notes
As with any large-scale news, scammers will try anything to spread their malicious programs hoping to cash in on people’s fear. When searching for Coronavirus information, it is suggested to only use trusted sources such as the CDC, the World Health Organization (WHO), or FEMA. Emails from unknown sources should not be trusted and not opened unless verified. With the work from home posture of many companies and with their employees remotely accessing company assets, it is more vital than ever to educate employees on proper security protocols and to employ such services as the Binary Defense Security Operations Center that can monitor a company’s endpoints, such as individual company-owned computers being used at employees’ homes.
To read more: https://www.bleepingcomputer.com/news/security/phishing-emails-impersonate-the-white-house-and-vp-mike-pence/
