COVID-19 Phishing Scheme

Topics: Security Advisory

Summary

In light of the heightened fear around the COVID-19 pandemic, criminals are targeting and exploiting remote workers who are isolated from their regular daily routines. This week the U.S. Secret Service issued an alert about Coronavirus-related phishing scams.

“Cybercriminals are exploiting the Coronavirus through the wide distribution of mass emails posing as legitimate medical and or health organizations,” the guidance reads. “In one particular instance, victims have received an email purporting to be from a medical/health organization that included attachments supposedly containing pertinent information regarding the coronavirus. This led to either unsuspecting victims opening the attachment, causing malware to infect their system, or prompting the victim to enter their email login credentials to access the information resulting in harvested login credentials.”

Another emerging fraud scheme exploiting the Coronavirus is using social engineering tactics through legitimate social media websites seeking donations for charitable causes related to the virus. Criminals are exploiting the charitable spirit of individuals, seeking donations to fraudulent causes surrounding the Coronavirus. Increased caution should be exercised when donating to charitable organizations.

Lindsay Kaye, director of operation outcomes at Recorded Future, specifically called out the following domains as potentially dangerous:

  • coronavirusstatus[.]space
  • coronavirus-map[.]com
  • blogcoronacl.canalcero[.]digital
  • coronavirus[.]zone
  • coronavirus-realtime[.]com
  • coronavirus[.]app
  • bgvfr.coronavirusaware[.]xyz
  • coronavirusaware[.]xyz
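
The listed domains can be checked against links seen in mail gateway or proxy logs. The following is an added example, not part of the original advisory: it refangs the list and matches hostnames on whole DNS labels, so subdomains of a listed domain are flagged while look-alike names and unrelated hosts are not. The function names and the sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators copied from the advisory's list.
ADVISORY_DOMAINS = [
    "coronavirusstatus[.]space", "coronavirus-map[.]com",
    "blogcoronacl.canalcero[.]digital", "coronavirus[.]zone",
    "coronavirus-realtime[.]com", "coronavirus[.]app",
    "bgvfr.coronavirusaware[.]xyz", "coronavirusaware[.]xyz",
]

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) back into a comparable form."""
    text = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", text)

BLOCKED = {refang(d) for d in ADVISORY_DOMAINS}

def host_of(value):
    """Extract the hostname from a URL or bare host, ignoring port and userinfo."""
    value = refang(value)
    if "://" not in value:
        value = "//" + value        # lets urlsplit treat a bare host as the netloc
    host = urlsplit(value).hostname or ""
    return host.rstrip(".")         # drop the trailing dot of a fully qualified name

def matched_indicator(value):
    """Return the listed domain the host equals or is a subdomain of, else None."""
    labels = host_of(value).split(".")
    # Compare whole label suffixes so a look-alike that merely ends with the
    # same characters as a listed domain is not reported.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED:
            return candidate
    return None

# Constructed sample input: links as they might appear in a mail gateway log.
SAMPLE_LINKS = [
    "hxxps://bgvfr.coronavirusaware[.]xyz/login",
    "hxxps://cdn.coronavirus-map[.]com:443/dashboard",
    "hxxps://coronavirus[.]app.example.org/",    # listed name used as a prefix only
    "hxxp://coronavirus[.]app@example.org/",     # listed name in userinfo, host is example.org
    "hxxps://notcoronavirus[.]app/",             # different registered name
]

def scan(links):
    """Return (link, indicator) pairs for links whose host hits the list."""
    hits = ((link, matched_indicator(link)) for link in links)
    return [(link, ind) for link, ind in hits if ind]
```
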


What Can You Do

  • Phishing Emails / Social Engineering – Avoid opening attachments and clicking on links within emails from senders you do not recognize. These attachments can contain malicious content, such as ransomware, that can infect your device and steal your information. Be leery of emails or phone calls requesting account information or requesting you to verify your account. Legitimate businesses will never call you or email you directly for this information.
  • Always independently verify that any request for information originates from a legitimate source.
  • Visit websites by typing the domain name yourself. Businesses use encryption such as Secure Sockets Layer (SSL). Certificate “errors” can be a warning sign that something is not right with the website.

For more information or assistance in assuring your systems are not vulnerable, please contact your ATS Client Manager or the helpdesk at 703-876-2653 or helpdesk@networkATS.com.

References:
[0] https://www.secretservice.gov/press/releases/
[1] https://www.recordedfuture.com/
[2] https://www.forbes.com/sites/thomasbrewster/2020/03/12/coronavirus-scam-alert-watch-out-for-these-risky-covid-19-websites-and-emails/#42d7c9b01099