Overview

Cybersecurity awareness tells us that when there are high levels of fear, uncertainty and doubt that is when we are most susceptible to being attacked or exploited. The bad actors out there, they know this – and they are capitalizing on it.

Malicious Coronavirus Sites, Resources, and Products

With coronavirus, we have observed web sites popping up posing as legitimate ones but doing malicious things. According to The Hacker News, there are thousands of coronavirus-related sites out there posing as bait to download and distribute malware. These sites pose as global coronavirus dashboards and maps like the well-known John Hopkins University site. There are sites also posing as charities and accepting online donations for coronavirus relief efforts. Lastly, we have noticed numerous fake companies advertising online and on Facebook selling coronavirus cures, personal protection equipment and supplies, or even investment opportunities in companies allegedly working on coronavirus vaccines.

Spear Phishing on the Rise

Phishing, especially spear phishing, has significantly increased during the coronavirus pandemic. According to Barracuda Networks, just COVID-19 related phishing attacks are up 667 percent since the end of February. With the bad actors having more idle time on their hands, they are doing their due diligence with intelligence gathering to craft sophisticated spear-phishing campaigns to use on their targets. While phishing is a broad term for any attempt to solicit unsuspecting victims to share sensitive data, click malicious links, download malicious attachments, or wire money or gift cards, spear phishing is using that intelligence to target a specific person. By leveraging information from online and public sources (Open Source Intelligence or OSINT), the email can be crafted using contextual clues to make it appear legitimate and for the target to let down their guard. Examples of information that is out there that an attacker can leverage include the target’s passwords that have been exposed in breaches, information the target shared online using social media, and public records.

To highlight an example of a spear-phishing attack, we observed an accounts receivable person receiving an email with an invoice for copier supplies and services that had the correct make, model, and quantity of the copiers deployed at the office. There was no malicious link in the email, proper grammar and spelling was used, and the invoice even had an 800 number to call and directions for sending payment. If it wasn’t for the vigilance of the account receivables person to follow up with their local IT department and having policies in place for approving payments this target could have easily wired a couple of thousand dollars to the bad actors.

And it’s not limited to just email; we are seeing an increase in spear-phishing via text messages (smishing) and social chat platforms like Facebook Messenger.

How to Protect Yourself

Malicious Coronavirus Resources

Fake Cures & Products

  • Be wary of anyone selling products that claim to prevent, treat, or cure COVID-19
  • Because they are in demand, be wary of online and Facebook ads for companies selling personal protective equipment (N95 respirator masks, goggles, face shields, gowns, and gloves) as well as hand sanitizer and disinfectants. Report counterfeit products at www.ic3.gov

Phishing and Spear Phishing

  • Beware of any text message, chat, or email that is attempting to get you to click on a link or download an attachment. Do not open attachments or click links from senders you don’t recognize
  • Do not provide your username, password, or any sensitive personal or financial information to anyone who emails or robocalls you
  • Before sending money or buying gift cards, confirm directly with the person that it’s a legitimate request. With the travel ban and everyone on lockdown we are seeing and expect emails posing as friends and family members seeking money or buying them gift cards
  • No legitimate financial institution will send you a text message asking for account information or your ATM code. Any text message received posing as a financial institution or merchant you do business with that asks you to click on a link is fraudulent, do not click it
  • Phishing emails will try to capitalize on coronavirus, so be extra cautious for emails related to charitable contributions, airline/travel refunds, investment opportunities, and even emails about stimulus checks. Government agencies will not send you unsolicited emails requesting sensitive information for stimulus checks or economic relief.
  • When there is any doubt, call the person, financial institution, or merchant directly to verify the legitimacy and accuracy of any email, text, or chat

Sources:

Visit our COVID-19 Resource Center for the latest updates and resources for you and your business.

About the Authors

Bryan M. Smith

Senior Security Consultant, Cyber Technology Group

Subscribe

Stay up-to-date with the latest news and information delivered to your inbox.

Subscribe Now