How to Combat Coronavirus Phishing Scams
Coronavirus (COVID-19) is beginning to cause increased disruption for people and businesses across the UK. However, misinformation continues to spread just as quickly as the virus itself, generating fear and irrational behaviour.
Naturally, this state of panic is where cyber criminals thrive.
Always eager to find new and innovative ways of stealing personal information, cyber criminals are now taking advantage of the Coronavirus panic.
In fact, on the internet, you even need to be wary of coronavirus-related malware. Around 4000 coronavirus-related website domains have been registered since January, and it’s approximated that they’re 50% more likely to contain malware payloads.
In response to this, the NHS has unveiled its approach to tackling the so-called Coronavirus ‘fake news’ pandemic online.
At Neuways, we’ve witnessed a range of phishing scam attempts, with one even attempting to impersonate World Health Organisation (WHO) officials.
This is just one example of many, but it follows a common trend. Hackers are claiming to offer ‘advice’ on the prevention of infection, typically spoofing authoritative bodies such as the CDC, WHO, or UK Government.
Spotting a Coronavirus Phishing Scam
Whilst phishing attempts are getting more sophisticated, you will be able spot a coronavirus phishing scam if you’re vigilant.
They’re actually very similar to regular phishing, insofar as emails will be riddled with spelling mistakes, poorly formatted, and be worded in a vague manner.
For example, let’s take a look at the World Health Organisation phishing scam (right) that is currently in circulation.
Titled ‘SAFTY CORONA VIRUS AWARENESS WHO’ – a pretty strong indicator of a phishing email – it begins ‘Dear Sir’… but ‘Sir’ could be anybody.
This lack of personalisation indicates a spam email pushed out to as many people as possible.
The first paragraph simply begins with a command – ‘Go through the attached document’. No background information, no recognition of a previous correspondence, and no real context for the email. It’s brief because the hacker just wants you to click.
If you’ve read carefully, you’ll also notice the spelling error ‘corona virus’ (as opposed to coronavirus).
Spelling errors, again, indicate a hastily assembled email designed to be pushed out to as many potential victims as possible. You can read more about this on our Phishing Awareness page.
This call to action is repeated in the following paragraph, asking the recipient ‘Click on the button below to download,’ with a big blue button entitled ‘Safety measures’. The cyber criminal really wants you to open the attachment!
The email is rounded out with a series of spelling and grammar errors, reading ‘Symptoms common symptoms include fever,coughcshortness of breath and breathing difficulties’. If it was not apparent to you that this is a phishing email, it should be obvious by now.
And then the email just ends.
A couple of direct commands and semi-literate prose. But unfortunately, 1/10 people do fall for these types of scams.
Preventing a Coronavirus Phishing Scam
At first glance, the email may have appeared legitimate. After all, it does have the official logo. But logos can be imitated. Therefore you need to look beyond the surface information of an email.
Ultimately, this is the reason you need to be extra careful. The biggest enabler of any type of coronavirus phishing scam is human nature. We’re all quite curious, so if an email comes in offering ‘safety measures’ or so-called facts and stats, people are naturally inclined to click.
It’s essential that you inform your staff to not do this in any circumstances.
In the heightened state of panic, it’s also important to remember that this type of phishing scam is no more dangerous than any other type – a phishing scam only works if you, the potential victim, interact with the email.
So, if you’re ever in doubt, take a minute and read carefully before you click – even if the email is from a trusted contact. If you’re unsure whether it’s a legitimate email, give the sender a quick call to verify the correspondence.
Guarding Against Misinformation
In addition to opportunistic phishing scams, misinformation (or ‘fake news’) about coronavirus is being circulated online at an astonishing rate. Follow these tips to remain informed and free of bogus information.
Whether it’s claims that the beer brand Corona had seen drops in demand because of associations with the virus, or ‘proof’ that author Dean Koontz predicted the Coronavirus outbreak in one of his books, there are plenty of false claims in both the traditional and social media channels.
You may have also seen Apps claiming to offer ‘facts’ on the illness, or even statistics of the growing pandemic. Beware of these 3rd party Apps – very few of them have been verified by healthcare professionals. Both Google and Apple are reviewing Apps relating to coronavirus on their respective Google Play and App Store storefronts, in order to stem the tide of misinformation.
The only places you should be getting your information from is the 111 telephone service, the NHS’s Coronavirus (COVID-19) advisory page and, for the latest travelling information, the Foreign Office’s website.
Fake Coronavirus ‘Case Maps’
Cyber criminals are also weaponising people’s interest in the number of cases by producing fake COVID-19 case maps. Highly interactive, people are opening them only to be hit by a Trojan Horse.
This specific Trojan targets bank accounts specifically.
Please do not use these websites. Public Health England produced a UK-based case map, which you can access here. This is safe, informative, and will prevent you from taking any risks online.
WiseCleaner ‘CoronaVirus’ Ransomware
Another scam to look out for is a particularly nasty ransomware package, disguised as ‘WiseCleaner’ – a genuine Windows system software product.
Aptly titled ‘CoronaVirus,’ this ransomware injection is distributed via an infected website that claims to be advertising WiseCleaner. Clicking anywhere on this site will result in your device becoming infected with the Khalesi or Kpot trojan virus.
This ransomware is designed to steal a variety of sensitive data from your device, including data from your web browser, email, instant messengers, VPN, cryptocurrency, RDP, FTP, gaming software, and account information.