Scammers use Coronavirus as Phishing Bait
Scammers use Coronavirus as Phishing Bait.
Hackers are leveraging the fears surrounding Coronavirus in order to carry out cyber-attacks on a massive scale, security researchers have warned. Malware and email viruses that use Coronavirus-themed lures to trick people have spread to over a dozen countries, according to The Independent. Attackers are beginning to register URLs and create fake websites relating to Coronavirus in order to carry out malicious activity.
“Global events often capture the world’s attention with a combination of wide recognition and a sense of urgency, but they are also unfortunately likely candidates for threat actor campaigns.”
The emails being circulated come with a document attached that appears to contain an urgent message relating to new developments with the virus’s spread. One message in Japan spread by the hacking group TA542 claims that new cases have been reported, urging the reader to open the attachment to read an important message relating to face masks and other prevention methods.
Opening the attachment launches an extremely malicious form of malware known as ‘Emotet’, which is capable of stealing valuable personal information like login details for banks. The infected device can also then be used to launch further attacks.
“Threat actors exploit times of confusion or global events to conduct cyber-attacks and email phishing campaigns. These actors are opportunistic and inventive – identifying vulnerabilities in infrastructure and defences, which they then use to improve their attack methodologies.”
Periods of global disruption and confusion have become a major opportunity for cyber criminals, who play on the public’s genuine fears to increase the likelihood of targets clicking on dangerous links or attachments.
All of this activity serves as a reminder to exercise caution regarding emails and websites related to current events, particularly ones that appear to ask you to take urgent action surrounding the Coronavirus. Be sure to only visit verified, trusted websites.