Public Health Group Officials Imitated for Sending Out Phishing Emails
We have already covered Coronavirus phishing ruses in a previous blog. However, from the majority of the cases we have studied and worked on, it has become clear that phishing attacks succeed because the cybercriminal uses bait that resonates strongly with the victim’s emotional state. An unemployed, struggling person is more likely to open an email or link with the words ‘A Chance to WIN…’ than an established CEO. But society today seems to have blurred the lines between such hierarchies. Today, all of us have a common concern: overall public health and well-being. The pandemic has proved to be a powerful equalizer, uniting us all in a common state of alertness. This has pushed phishers and hackers to shift from personalised click-bait to fake news and fake public health group PSAs.
Cofense Security has uncovered evidence that phishers are now posing as public health group officials. They are doing this to cast a wider net and reach a potential victim pool of practically lakhs of people. Who isn’t on their toes about the pandemic, correct? Let us jump right in and take a look at the ongoing scam.
The two public health group organizations that are being imitated: WHO and CDC
Emails supposedly coming from these two organizations either offer kindly support and assistance or attempt to instil terror. Their true intention is to infect the victim’s system with macros and scripts. This attack has a worryingly large pool of potential victims for two reasons:
- Students, housewives, and non-working people in general are more likely to have their phones at their fingertips. Let’s face it, there is not much to do to pass the time. A mobile device is now built around a Google Account (Android) or an iOS account (Apple), which is becoming a one-stop account that branches into all possible subscription services. It isn’t hard to estimate the reach of the malware, should it infect a system. Credentials, cloud storage, personal data… all would be compromised.
- The people who are still working are naturally working from home, which adds an extra avenue for exploitation: remote security. VPN gateways, business email traffic, and distributed collaboration are all under threat.
The CDC Scam
One of the emails comes under the guise of the Centers for Disease Control and Prevention (CDC). It tries to induce panic by saying the COVID-19 virus has now become airborne. The email claims that the only possible prevention method now is to avoid public places. So far so good, seems logical, right? However, the email goes on to talk about some highly infected places, which you should avoid at all costs. The threat actor might personalize this list to your particular location. But as we discussed before, the criminals are now more interested in numbers than in specific targeting. The list of places is likely not included in the email body but is apparently reachable through a link. The link, of course, takes the user to a phishing site run by hackers.
The WHO Scam
The World Health Organization (WHO) is the second front-runner public health group organisation that has taken a blow. This email scam is less about thriving on panic and more about pulling in gullible victims by offering safety precautions. Such emails are spreading the malware as an exe file. However, Cofense researchers suspect a common threat actor, despite the contrast between this scam and the CDC one.
This particular phishing attempt hides behind an Excel file. It is in fact the Agent Tesla keylogger, which can steal your sensitive credentials by monitoring your keystrokes.
Another such ruse is spreading predominantly in Italy, as it has experienced the most drastic number of COVID-19 cases. The email offers safety guidelines in the form of a Word file. The hackers have locked the file editing feature. Clicking ‘Enable Editing’ triggers a VB script macro, which then starts infecting your machine.
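The signs described in the CDC and WHO scams above (an official-sounding sender on an unrelated domain, a link whose visible text differs from its real destination, and an exe or Office attachment) can be checked mechanically on incoming mail. The Python below is an added example, not code from Cofense or from this blog; the sample message and its `.example` domains are constructed, and it assumes genuine mail from these bodies is sent from who.int or cdc.gov.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse
# Assumption: genuine WHO/CDC mail is sent from these domains.
BRANDS = {"who.int": r"\b(who|world health organization)\b",
          "cdc.gov": r"\b(cdc|centers for disease control)\b"}
RISKY_EXT = (".exe", ".xls", ".xlsm", ".doc", ".docm")  # file types named on this page
# Constructed sample message, not a captured email; .example names are placeholders.
SAMPLE = """\
From: "CDC Health Alert" <alerts@cdc-gov.example>
Subject: COVID-19 is now airborne: places to avoid
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://portal.example/list">https://www.cdc.gov/high-risk-places</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="safety_measures.exe"

placeholder-bytes
--b1--
"""

def in_domain(host, domain):
    return host == domain or host.endswith("." + domain)

def triage(raw):
    """Return human-readable findings for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(str(msg["From"]))
    sender = addr.rpartition("@")[2].lower()
    for domain, pattern in BRANDS.items():  # display name vs. real sender domain
        if re.search(pattern, name, re.I) and not in_domain(sender, domain):
            findings.append(f"display name claims {domain}, sender domain is {sender}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"risky attachment: {fname}")
        if part.get_content_type() == "text/html":  # visible URL vs. actual href
            for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>',
                                         part.get_content(), re.S | re.I):
                shown, real = urlparse(text.strip()).hostname, urlparse(href).hostname
                if shown and real and shown != real:
                    findings.append(f"link text shows {shown}, href goes to {real}")
    return findings
```

Calling `triage(SAMPLE)` returns three findings, one per sign. The display-name patterns are deliberately loose, so treat the output as triage hints for a human reviewer rather than a verdict.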
Email remains the single largest cyber threat attack vector: more than 90% of threats enter your organization through email.
These email phishing campaigns are claiming a huge number of victims. But you are less likely to become one, because now you know better. Besides personal vigilance, you can partner up with a trusted security service vendor. This way, you take all the edginess away, especially since you are running your business from home. Our Cloud Email Advance Threat Protection service accurately detects email-borne threats such as Ransomware, BEC, Domain Spoofing, Advanced Malware, Spear Phishing & Display Name Spoofing. With better choices, you have a better business experience.