Scam artists are having a heyday with coronavirus fears at the forefront of most people’s minds.
One way scammers are using the COVID-19 threat is in virus-related cyber attacks by using newly-registered coronavirus-related domains to fool people.
A cybersecurity company, Recorded Future, has found that phishing emails are also being used to try to get people to click on links that are loaded with malware.
Many of these links are associated with health authorities such as the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). Country specific health agencies such as the Chinese Ministry of Health and the Ministry of Health of Ukraine have also been used as a tool in these phishing attacks and scams related to virus-laden domains.
Scammers use the fears of ordinary people who want current updates on the COVID-19 situation as fuel. They provide links to seemingly helpful websites that direct people to malicious campaigns.
The number of email phishing scams has increased in direct relation to the number of increases in cases through the month of February.
Scams include emails from the CDC taking people to websites asking for Bitcoin donations and Microsoft Outlook login pages to try to get users to enter their user information.
Unfortunately, these scams have been extremely effective by instilling a sense of urgency and getting potential victims to click links based upon their fears.
How Can You Protect Yourself?
- Be wary of any email from a public health organization or authority, even if it appears legitimate.
- Double-check the links you’re being redirected to before clicking a link in an email by hovering your mouse cursor over the link text. If it doesn’t match the sender, do not click it.
- Go directly to authority websites rather than clicking any links in emails.
- Be aware that you’re unlikely to receive an email at work unless you’re part of the health industry.
- Note that official organizations do not take cryptocurrency payments or donations and should be considered to be a scam.
- Be wary of all attachments. Even if the text of the email makes opening the attachment seem urgent.
- Disable any macros in Microsoft Office. VBA macros have especially been used as the route of infection in documents that are phishing lures.