Coronavirus Phishing Ruses

Coronavirus Sparks A Series of Phishing Ruses

( 3 min read )

Curb your instincts; don’t open emails just because they claim to contain news about the Coronavirus pandemic.

We have already demonstrated in an earlier blog how empty of basic decency cybercriminals are. For them, pandemics and worldwide traumas are nothing more than fodder for sustaining their ill-intentioned campaigns. However, the purpose of this blog is not to badmouth hackers. It is to raise awareness: what are the Coronavirus click-bait email subjects and ruses you should look out for?

Let’s dive right in.

Cure found!

This one is kind of obvious and almost guarantees a high click thru rate. Who doesn’t want to get done with the pandemic once and for all? An email with the subject along the lines of “Cure for Coronavirus Found!” is going to attract tons of impulsive clicks and attachment downloads. Security researchers at Proofpoint security uncovered a sudden upsurge of suspicious emails being sent to the company’s patrons. The email seemed to originate from some unknown doctor in UK who claimed to have found a vaccination for beating the Coronavirus infection. The email contains a fraudulent Call to Action in the form of a spoof weblink that takes you to a webpage which harvests login details. The emails are being sent off in batches of 2,00,000 or more at a time, and have a disturbingly high success rate.

“We have seen 35-plus consecutive days of malicious coronavirus email campaigns, with many using fear to convince victims to click,” says Sherrod DeGrippo from the company’s threat research and detection team.

Thankfully, though, there is a simple solution to this: if you just hover over the link text, you can know the actual link where you will be taken if you click. If the link looks strange in any way, Proofpoint suggests, DO NOT click it.

Coronavirus Tax Refund

The HM Revenue and Customs Department took the fall for this scheme. A UK Based Tax Department, the HMRC handles tax collection, tax returns, and overall tax administration. Security analysts at Mimecast security recently found the phishers used HMRC as a front for sending out phishing emails in huge bulks. The email informed the victims that they were liable to receive a tax rebate, on account of the funds changing hands for research on the Coronavirus vaccination. Seems strange, doesn’t it? However, when the prospect of getting a tax refund is tempting you, all logic quickly flies out the window. The email contains — no surprises here — a fake link that takes you to an input form asking you to fill out all your tax and financial information.

“Do not respond to any electronic communication in relation to monies via email,” says Carl Wearn, head of e-crime at Mimecast. “And certainly do not click on any links in any related message. This is not how HMRC would advise you of a potential tax refund.”

Help stop the spread

Guidelines for prevention of Coronavirus are coming in plentiful. The two governing centers taking the lead on this are the Centre for Disease Control (CDC) and the World Health Organisation (WHO). Hackers have been impersonating WHO by sending out emails in its name. The email contains an attachment, with a little note in the email body saying something like, “If you follow these practices, you lessen the chance of contracting the virus…” Downloading the attachment triggers the Agent Tesla Keylogger, which monitors your keystrokes and steals all your confidential passwords and login credentials.

To avoid becoming a victim, keep a lookout for emails claiming to be from WHO, as they are likely a trap. Instead visit all the official channels for the latest developments.

There several other ruses hackers are using. The most common of them include links saying the virus has become airborne. This adds fire to the flame of panic that is already rising.  Then there are emails asking for donations to help the research for a cure, bringing in the sympathy factor. Whatever the case, please understand no authoritative body is going to disseminate essential, helpful info in personal, shady-looking emails.

Security might have slipped on your list of priorities in these testing times. But unfortunately, that just increases the likelihood of you becoming a target. If you are looking for someone to rely on for security, give Logix a chance. Our Cloud Email Advance Threat Protection service accurately detects email-borne threats such as Ransomware, BEC, Domain Spoofing, Advanced Malware, Spear Phishing & Display Name Spoofing. We specialize in scanning domain spoofing using Domain Authentication techniques of rDNS, SPF & Sender ID, DKIM & DMARC. Customers can identify whether their hackers are forging their domains on the internet. They can check up on this with our DMARC Monitoring tools.To learn more, simply visit our Email Security Page.

Leave a Reply

Your email address will not be published. Required fields are marked *