Coronavirus – A clickbait for Hackers

Coronavirus – A clickbait for Hackers

On one side the world is dealing with the Coronavirus pandemic while on the other side cybercriminals are taking this as an opportunity to launch their ‘virus’. Cybercriminals are targeting Healthcare offices with ‘phishing emails’ claiming to offer ‘Coronavirus awareness’. The staff of the healthcare department are receiving emails that are pretending to raise awareness about Coronavirus pandemic

Many of the emails enclose the subject “ALL STAFF: CORONA VIRUS AWARENESS” – tells employees that “the institution is currently organizing a seminar for all staff to talk about this deadly virus”. The Email is claiming to be from their IT department with a link to register for a seminar. The link redirects the user to a third-party website which is disguised as a Microsoft Outlook web app. Anyone who fills the form ends up revealing their credentials or details to hackers. This could bring severe consequences to a business such as: 

  • Theft and misuse of business data 
  • Loss of reputation and clients 
  • Financial loss to a business 
  • Loss of confidential information 

Kiri Addison, Head of data science at security firm Mimecast, said the fraud was part of a ‘steady stream’ of phishing emails sent since the coronavirus outbreak. 

Coronavirus pandemic has created a panic among people and because of this reason people are easily falling for the scams. Cybercriminals are trying to deceive or manipulate people by using social engineering. This tactic is now proving to be very popular and people feel that they have very limited time to look for the details and validation of sites. 

Fake Coronavirus emails

Fig 1: Example of fake & malicious emails being circulated

Mimecast has discovered one more incident of an email scam which is pretending to be from HMRC offering Coronavirus victims a tax refund. Another report from the National Fraud Intelligence Bureau (NFIB) states that there were around 21 fraud cases registered involving coronavirus. Some of them conned people to buy face masks. 

With all these phishing scams spreading amongst the IT department, cybercriminals are using malicious websites to steal information from users. As the virus spreads across the globe, people are searching online for the information and updates on how coronavirus might affect them, and what safety measures they can take to protect themselves and their families. And as you might expect, hackers are taking advantage of this public panic about the coronavirus pandemic to accomplish their goals. 

So what you can do to avoid falling victim to these fraud schemesHere are some points to keep in mind for online safety: 

  • Be cautious with emails and files received from unknown senders, especially if they prompt you to takecertain action. 
  • Make sure to order goods from an authentic source.  
  • Check before taking any action to “special” offers. “An exclusive cure for Coronavirus for $150” is usually not a trustworthy purchase opportunity but most likely fraud. At this point of time, there is no specific cure available for the coronavirus and even if there will be, it will not be offered via email. 
  • Check for the lookalike domains, spelling differences and errors in emails or websites, and unknown email senders. 

In the times, when work-from-home is trending, Bulwark CyberX urges users to stay aware and stay vigilant as the rise in cyber-crimes is witnessed. Stay indoors & stay safe. For incident response support, contact Bulwark CyberX.