Criminals are using the coronavirus outbreak to try and bait people into clicking suspicious links in a bid to hack into their computers and steal personal information.
Cyber-security researchers have identified several campaigns where hackers pretend to be legitimate health organisations to ensnare victims.
Users are being urged by experts to not click on any link that seems suspicious and instead only click on information directly via official routes.
The virus has infected more than 100,000 people around the world, including 163 in the UK, and killed 3,400 people.
Scroll down for video
Users are being urged by experts to not click on any link they believe may be suspect and instead only click on information directly via official routes. The virus has infected more than 100,000 people around the world, including 163 in the UK, and killed 3,400 people
Phishing experts at cyber-security firm Cofense identified two phishing campaigns that have emerged in the wake of the devastating outbreak.
Criminals are claiming to be officials from healthcare groups such as The Centers for Disease Control (CDC) and the World Health Organization (WHO).
They purport to offer guidance and information on the COVID-19 outbreak but instead hope to insert malware and harvest the credentials of unsuspecting users.
Kyle Duncan and Ashley Tran, internet security researchers from the Cofense Phishing Defense Center in the US, write in a blog post: ‘Since news of the coronavirus hit national headlines, many threat actors have played on its infamy to target unsuspecting users.’
One email scam appears to be from The Centers for Disease Control and states coronavirus has officially become airborne and there are confirmed cases nearby (pictured). This specific scam has the subject line ‘COVID-19 – Now Airborne, Increased Community Transmission’ and the spoofed display name, CDC INFO, makes it an impressive forgery, the researchers note
One email scam appears to be from The Centers for Disease Control and states coronavirus has officially become airborne and there are confirmed cases nearby.
The researchers add: ‘While there are numerous phishing campaigns raving about the latest safety measures, all claiming to be reputable health organisations or doctors, this email differs in its methods, weaponising fear to panic users into clicking malicious links.’
It mentions the only way to minimise risk of infection is by avoiding high-risk areas that are listed on a page. They provide a hyperlink to this page in their email.
The sites then take the recipient through to are run by hackers.
This specific scam originated from a British IP address but tricks computers in the US into thinking it is from an @cdc.gov email address, making it appear trustworthy.
Combined with reasonable spelling and grammar, as well as a subject line of ‘COVID-19 – Now Airborne, Increased Community Transmission’ and the spoofed display name, CDC INFO, makes it an impressive forgery, the researchers note.
All this is designed to lull the potential victim into a false sense of security. The link goes through to one of three links, all of which are malicious.
It is thought this scam is being run by a single person.
Another scam identified by the same company claims to be from the World Health Organization (WHO) and has the subject line ‘Attention: List Of Companies Affected With Coronavirus March 02, 2020.’ (pictured). Its attachment is a sophisticated piece of malware
‘Clues point to a single threat actor carrying out these attacks,’ the experts write.
‘Further observation may soon reveal the actor’s identity or at least a general attack vector that can be monitored for and blocked by network firewalls.’
Another scam identified by the same company claims to be from the World Health Organization (WHO) and has the subject line ‘Attention: List Of Companies Affected With Coronavirus March 02, 2020.’
These scare tactics are compounded with an attachment titled ‘SAFETY PRECAUTIONS’ and has a .exe extension.
It disguises itself as an excel file but instead hides a piece of malicious software called Agent Tesla keylogger.
This relays detailed information on keyboard input as well as sending automatic screenshots, including of passwords, to the criminals.
An unrelated scam circulating in Italy is tricking targets into opening links that claim to be from the WHO containing ‘safety measure’ information.
An unrelated scam circulating in Italy is tricking targets into opening links that claim to be from the WHO containing ‘safety measure’ information. Experts at SophosLabs tracked this scam campaign in Italy, a country which has seen almost 4,000 cases of COVID-19
The email, with the subject line ‘coronavirus: informazioni importanti su precauzioni’ – purportedly from a ‘Dr. Penelope Marchetti’ —states in Italian: ‘Due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection
Experts at SophosLabs tracked this scam campaign in Italy, a country which has seen almost 4,000 cases of COVID-19.
The email, with the subject line ‘coronavirus: informazioni importanti su precauzioni’ – purportedly from a ‘Dr. Penelope Marchetti’ —states in Italian: ‘Due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection.
‘We strongly recommend that you read the document attached to this message!’
The attached document opens a word document which, if a user clicks ‘enable editing’, infects the computer and sends criminals sensitive information stored on the computer.
Criminals are using the coronavirus outbreak to try and bait people into clicking suspicious links in a bid to hack into their computers and steal personal information. Cyber-security researchers have identified several campaigns where hackers pretend to be legitimate health organisations to ensnare victims (stock)
Bill Santos, president of Cerberus Sentinel, a self-described ‘elite team of security experts’, told MailOnline: ‘The smartest approach to this is to avoid any inbound emails on this topic completely and instead go to the “known good” sources of information like World Health Organization (www.who.int) and the Centers for Disease Control (cdc.gov) as well as local government agencies for any information regarding this situation.
‘Bad actors are preying on fear; the best strategy is to ignore them completely.’
Hugo Van den Toorn, manager of offensive security at Outpost24, adds: ‘This is an example of how well-informed criminals are and how cunning they operate these days.
‘To increase the likelihood of phishing campaign to succeed, criminals often change their modus operandi and scenarios based on relevant events, such as: Public holidays, tax filing deadlines, political situations and apparently the outbreak of a deadly virus.
‘Criminals utilise these events to make their messages look less suspicious, add more authority, apply time-pressure to their request, to play onto the recipient’s health or mental state or any other psychological triggers that underly the success of phishing attacks.
‘Criminals will literally do anything to increase the odds of their phishing attacks succeeding.’