Hackers are disguising phishing attacks as official emails from public health groups

Criminals are using the coronavirus outbreak to try and bait people into clicking suspicious links in a bid to hack into their computers and steal personal information. 

Cyber-security researchers have identified several campaigns where hackers pretend to be legitimate health organisations to ensnare victims. 

Users are being urged by experts to not click on any link that seems suspicious and instead only click on information directly via official routes. 

The virus has infected more than 100,000 people around the world, including 163 in the UK, and killed 3,400 people. 

Scroll down for video  

Users are being urged by experts to not click on any link they believe may be suspect and instead only click on information directly via official routes. The virus has infected more than 100,000 people around the world, including 163 in the UK, and killed 3,400 people

Phishing experts at cyber-security firm Cofense identified two phishing campaigns that have emerged in the wake of the devastating outbreak. 

Criminals are claiming to be officials from healthcare groups such as The Centers for Disease Control (CDC) and the World Health Organization (WHO).

They purport to offer guidance and information on the COVID-19 outbreak but instead hope to insert malware and harvest the credentials of unsuspecting users.

Kyle Duncan and Ashley Tran, internet security researchers from the Cofense Phishing Defense Center in the US, write in a blog post: ‘Since news of the coronavirus hit national headlines, many threat actors have played on its infamy to target unsuspecting users.’

One email scam appears to be from The Centers for Disease Control and states coronavirus has officially become airborne and there are confirmed cases nearby (pictured). This specific scam has the subject line 'COVID-19 – Now Airborne, Increased Community Transmission' and the spoofed display name, CDC INFO, makes it an impressive forgery, the researchers note

One email scam appears to be from The Centers for Disease Control and states coronavirus has officially become airborne and there are confirmed cases nearby (pictured). This specific scam has the subject line ‘COVID-19 – Now Airborne, Increased Community Transmission’ and the spoofed display name, CDC INFO, makes it an impressive forgery, the researchers note

One email scam appears to be from The Centers for Disease Control and states coronavirus has officially become airborne and there are confirmed cases nearby.  

The researchers add: ‘While there are numerous phishing campaigns raving about the latest safety measures, all claiming to be reputable health organisations or doctors, this email differs in its methods, weaponising fear to panic users into clicking malicious links.’

It mentions the only way to minimise risk of infection is by avoiding high-risk areas that are listed on a page. They provide a hyperlink to this page in their email.   

The sites then take the recipient through to are run by hackers. 

This specific scam originated from a British IP address but tricks computers in the US into thinking it is from an @cdc.gov email address, making it appear trustworthy. 

Combined with reasonable spelling and grammar, as well as a subject line of ‘COVID-19 – Now Airborne, Increased Community Transmission’ and the spoofed display name, CDC INFO, makes it an impressive forgery, the researchers note. 

All this is designed to lull the potential victim into a false sense of security. The link goes through to one of three links, all of which are malicious. 

It is thought this scam is being run by a single person. 

Another scam identified by the same company claims to be from the World Health Organization (WHO) and has the subject line 'Attention: List Of Companies Affected With Coronavirus March 02, 2020.' (pictured). Its attachment is a sophisticated piece of malware

Another scam identified by the same company claims to be from the World Health Organization (WHO) and has the subject line ‘Attention: List Of Companies Affected With Coronavirus March 02, 2020.’ (pictured). Its attachment is a sophisticated piece of malware 

‘Clues point to a single threat actor carrying out these attacks,’ the experts write. 

‘Further observation may soon reveal the actor’s identity or at least a general attack vector that can be monitored for and blocked by network firewalls.’

Another scam identified by the same company claims to be from the World Health Organization (WHO) and has the subject line ‘Attention: List Of Companies Affected With Coronavirus March 02, 2020.’ 

These scare tactics are compounded with an attachment titled ‘SAFETY PRECAUTIONS’ and has a .exe extension.

It disguises itself as an excel file but instead hides a piece of malicious software called Agent Tesla keylogger. 

This relays detailed information on keyboard input as well as sending automatic screenshots, including of passwords, to the criminals.

An unrelated scam circulating in Italy is tricking targets into opening links that claim to be from the WHO containing ‘safety measure’ information.

An unrelated scam circulating in Italy is tricking targets into opening links that claim to be from the WHO containing 'safety measure' information. Experts at SophosLabs tracked this scam campaign in Italy, a country which has seen almost 4,000 cases of COVID-19

An unrelated scam circulating in Italy is tricking targets into opening links that claim to be from the WHO containing ‘safety measure’ information. Experts at SophosLabs tracked this scam campaign in Italy, a country which has seen almost 4,000 cases of COVID-19

The email, with the subject line 'coronavirus: informazioni importanti su precauzioni' – purportedly from a 'Dr. Penelope Marchetti' —states in Italian: 'Due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection

The email, with the subject line ‘coronavirus: informazioni importanti su precauzioni’ – purportedly from a ‘Dr. Penelope Marchetti’ —states in Italian: ‘Due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection 

Experts at SophosLabs tracked this scam campaign in Italy, a country which has seen almost 4,000 cases of COVID-19.  

The email, with the subject line ‘coronavirus: informazioni importanti su precauzioni’ – purportedly from a ‘Dr. Penelope Marchetti’ —states in Italian:  ‘Due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection.

‘We strongly recommend that you read the document attached to this message!’

The attached document opens a word document which, if a user clicks ‘enable editing’, infects the computer and sends criminals sensitive information stored on the computer. 

Criminals are using the coronavirus outbreak to try and bait people into clicking suspicious links in a bid to hack into their computers and steal personal information. Cyber-security researchers have identified several campaigns where hackers pretend to be legitimate health organisations to ensnare victims (stock)

Criminals are using the coronavirus outbreak to try and bait people into clicking suspicious links in a bid to hack into their computers and steal personal information. Cyber-security researchers have identified several campaigns where hackers pretend to be legitimate health organisations to ensnare victims (stock)

Bill Santos, president of Cerberus Sentinel, a self-described ‘elite team of security experts’, told MailOnline: ‘The smartest approach to this is to avoid any inbound emails on this topic completely and instead go to the “known good” sources of information like World Health Organization (www.who.int) and the Centers for Disease Control (cdc.gov) as well as local government agencies for any information regarding this situation. 

‘Bad actors are preying on fear; the best strategy is to ignore them completely.’  

Hugo Van den Toorn, manager of offensive security at Outpost24, adds: ‘This is an example of how well-informed criminals are and how cunning they operate these days. 

‘To increase the likelihood of phishing campaign to succeed, criminals often change their modus operandi and scenarios based on relevant events, such as: Public holidays, tax filing deadlines, political situations and apparently the outbreak of a deadly virus. 

‘Criminals utilise these events to make their messages look less suspicious, add more authority, apply time-pressure to their request, to play onto the recipient’s health or mental state or any other psychological triggers that underly the success of phishing attacks. 

‘Criminals will literally do anything to increase the odds of their phishing attacks succeeding.’

WHAT IS PHISHING?

Phishing involves cyber-criminals attempting to steal personal information such as online passwords, bank details or money from an unsuspecting victim. 

Very often, the criminal will use an email, phone call or even a fake website pretending to be from a reputable company. 

The criminals can use personal details to complete profiles on a victim which can be sold on the dark web. 

Cyber criminals will use emails in an effort to elicit personal information from victims in order to commit fraud or infect the user's computer for nefarious purposes 

Cyber criminals will use emails in an effort to elicit personal information from victims in order to commit fraud or infect the user’s computer for nefarious purposes 

Some phishing attempts involve criminals sending out infected files in emails in order to take control of a victim’s computer.   

Any from of social media or electronic communication can form part of a phishing attempt. 

Action Fraud warn that you should never assume an incoming message is from a genuine company – especially if it asks for a payment or wants you to log on to an online account. 

Banks and other financial institutions will never email looking for passwords or other sensitive information. 

An effected spam filter should protect from most of the malicious messages, although the user should never call the number at the bottom of a suspicious email or follow their link. 

Experts advise that customers should call the organisation directly to see if the attempted communication was genuine.  

According to Action Fraud: ‘Phishing emails encourage you to visit the bogus websites. 

‘They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.

‘The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

‘Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. 

‘In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.’ 

Source: Action Fraud