As Coronavirus COVID-19 makes its way across the world, individuals are doing their best to stay up-to-date on the latest outbreak locations and confirmed cases. Hackers have created new attacks based on the intense public interest in this virus.
One of the most common of these attacks is an email impersonation attack. In this attack, the criminal impersonates organizations like the UN World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC) to trick users into opening a malicious email. Multiple government organizations have issued warnings against these attacks.
Email scams always follow the headlines
It’s not unusual for hackers to monetize on tragedies like hurricanes and other disasters. Most of these scams are designed to do some variation of the following:
· Infect the user device and spread malware
· Steal login credentials by way of a phishing site or other phishing mechanism
· Collect donations for fake charities through malicious websites
The current pandemic has given scammers all those opportunities and more:
· Selling counterfeit versions of medical supplies that are in short supply
· Tricking users into buying fake cures
· Offering investment opportunities in companies claiming to have the cure
Email scammers will continue to find new ways to take advantage of the Coronavirus COVID-19 pandemic. If you have the proper email protection in place and you know what to watch out for, you can protect yourself from these email attacks.
Email impersonation attacks
Over the past few weeks, we have seen a number of attacks impersonating the World Health Organization. These phishing emails appear to come from WHO with information on Coronavirus COVID-19. They often use domain spoofing tactics to trick users into thinking these messages are legitimate.
These email impersonation attacks will include a link in the body of the email. Users who click on that link are taken to a newly registered phishing website.
Protecting your organization and employees
- There are several ways to protect your company and employees from email scams, and they are based on employee education and security technology:
- Don’t click on links in email from sources you do not know; they may lead to malicious websites
- Be wary of emails claiming to be from the CDC or WHO. Go directly to their websites for the latest information.
- Pay special attention to email messages from internal departments or executives who sent regular updates on the outbreak. Domain and display name spoofing are some of the most common techniques used.
- Never give personal information or login details in response to an email request. This is how a phishing attack leads to business email compromise.
- All malicious emails and attacks should be immediately reported to IT departments for investigation and remediation.
- Ensure that your organization has reliable virus, malware, and anti-phishing protection.
- Make sure employees receive up-to-date training on the latest phishing and social-engineering attacks. Criminals are always looking for new ways to exploit the latest tragedies.
- Keep up on the latest scams by following alerts from CISA and similar sites.