A series of phishing scams have exploited the ongoing Coronavirus (COVID-19) pandemic to either spread malware, trick victims into giving away sensitive information, or raise funds that they falsely claim will help find a vaccine.
While working from home might seem like a respite from office life, staying indoors means we’ll all be spending more time online reading news, shopping, and going through emails. Whether it’s through our company laptop or personal device, more time spent online means more exposure to fraud, phishing, and malware. They all attempt to exploit our curiosity and basic necessities, such as the need to buy medical or personal hygiene equipment or other goods.
Preying on the common desire to learn more about the signs and dangers, or even how to survive potential exposure to COVID0-19, cybercriminals have started sending phishing emails that promise exclusive information in the form of attachments and links to protection gear at highly discounted prices. Many even ask for Bitcoin donations that they say will support research for a Coronavirus vaccine.
Note: The above is not a video, but an image that’s used by scammers to trick users into clicking and visiting fraudulent URLs.
Most online scams occur through spam emails that entice with amazing discounts for medical supplies that have long since flown off the shelves of pharmacies and stores.
Did you say, WHO?
No, it’s not the infamous Doctor Who from the popular TV series, but someone claiming to be a doctor working for the World Health Organization (WHO). It’s one of the most popular email scams and it claims to have new and exclusive information on how to prevent and protect against Coronavirus infection. All you have to do is open the attached document to read more.
Preying on our concerns, fraudsters are impersonating institutions affiliated with or linked to the Centers for Disease Control and Prevention (CDC) and the World Health Organisation (WHO). Their tactic includes deploying malicious links or attachments claiming to give you a list of infected people in your area.
As seen in the image below, the attached document seems to be a .rar archive, according to the extension. However, the actual file has a .pdf or .exe extension. Once you try to open it, you will only execute the malware.
To view the actual file extension of files, tick the “File name extension” checkbox under the View menu in your File Explorer window. This can help you spot files that are misleadingly named to seem benign.
Namedropping Global Organizations
Another series of messages that allegedly offer new updates in the Coronavirus outbreak use logos from the World Health Organization to appear legitimate. They entice readers with grants and donations sponsored by the “World Bank Group, United Nations Organisations, World Health Organisation, Asian Development Bank, World Trade Organization, International Monetary Fund, European Central Bank, Organisation for Economic Co-operation and Development, International Finance Corporation and many more.”
As the image below points out, the message also encourages you to open the “HEALTHCARE.PDF” file attached. Like in the previous example, the actual file is nothing if not malicious.
Needless to say, just because an email uses the logos and starts namedropping known organizations and financial institutions doesn’t mean it’s legitimate. Pay attention to the file extension for attachments above all else.
An Email Thread With…NATO
Another phishing scam in circulation claims to come from the United Nations and instructs recipients to read the instructions in the attachment (in this case, a Microsoft Excel document) on how to prevent the spread of Coronavirus.
What the email lacks in detail it makes up in seriousness, as it appears to be signed by someone working at the “Directorate of Diplomatic and Consular Personnel.” It also seems to be forwarded, and has the overall tone of an internal business message you’d receive in the regular course of work.
Of course, opening the attached document will bring you a world of trouble, as the document is tainted with malware intended to infiltrate your computer and enable attackers to compromise your personal and financial data.
The Old “Donate to Fight Coronavirus” Scam
It’s not unusual for fraudulent charities and donation websites and emails to appear after a natural disaster or a worldwide health emergency. In this scenario, the fraudsters will craft charity emails and ask for donations for Coronavirus victims, medical staff or even COVID-19 studies.
Another scam involves posing as an “Ophthalmologist“ in an attempt to lure victims into donating in order to treat “families and children in China” with the Coronavirus vaccine. Of course, all donations need to be made in Bitcoin, and a Bitcoin wallet is made available.
To help sell the idea of a Coronavirus vaccine, the email also contains two images: one with alleged doctors wearing protection gear and doing some “sciencey” stuff, and the other with a vaccine bottle labeled “Coronavirus Vaccine.”
The next time you have the urge to lend a hand to any relief or health organizations, make sure that the website, email address, or the cause itself is real, or try ringing an emergency hotline for additional information.
An offshoot of the donation scam is the funds transfer scam, which basically asks you to help a victim of the Coronavirus wire transfer funds to a foundation that helps the suffering. Of course, while you’re not instructed to click any link or open any attachment, you’re given an email address to contact the “benefactor” to learn how to receive and transfer the funds.
This is the type of scam where, if you answer, you’ll get suckered into performing wire fraud with the promise that you’ll receive some sort of commission.
And if you happen not to fall for this one, there’s another scam that encourages you to get back to the scammer, except this time it claims that you can purchase “as many [experimented pure confirmed “coronavirus vaccine”] for people badly in need.” Simply contact the good doctor Zaks (ahem) and he’ll fix you up with the latest, newest, and guaranteed-to-work Coronavirus vaccine.
The (hyper)link Trick
Some Coronavirus-related email scams might even go the extra mile and give you information that you already know, such as official numbers of victims infected or even details about existing health problems that could complicate a potential COVID-19 infection.
However, that information is twisted with a bit of paranoia. Either implying that the government knows more about the outbreak than they let on, or that in you will “die in agony from pneumonia” in case of infection, these messages try at some point to get you to click on something. And it can be the most benign something, such as an apparent YouTube video that promises more information.
Of course, what’s embedded is not a YouTube video but an image. Even more interesting is that, while it looks like a YouTube preview thumbnail, it’s just an image that, once clicked, points you to a phishing, fraudulent, or malicious website, depending on what the cybercriminal has planned next.
As a general rule, don’t click on images, text or links, even if they seem to point to a legitimate source. You can use the pointer to hover over the text to see the real link that it points too (check the image above) or simply manually type the address in the browser.
In fact, messages from legitimate organizations and companies rarely ask you to click on an embedded link. Instead, they ask you to check out their official webpage for more information and details (even if it really is all about conspiracy theories and government plots).
Check out the gallery bellow for more scams that might show up in your inbox:
How to Protect Yourself?
If you’ve read all of the above, you’re probably more skilled at spotting phishing and scams than before. That’s because it’s all about paying attention to details and knowing what’s real and what’s not. Looking for typos, for amazing discounts, for misspelled email addresses and domains, and even suspicious links and hyperlinks can prevent you from becoming a victim.
- Just because the contents of an email has legitimate logos doesn’t mean the email address is legitimate;
- Just because an attachment looks like a PDF or document, doesn’t mean that it actually is;
- Even if the email only asks you to reply to the message, why should you? If you don’t know the person, if the offer is too good to be true, and if the reward far outweighs your effort, it’s definitely a scam;
- Stay informed and check any information across multiple official and legitimate sources;
Here at Bitdefender we focus on keeping your devices protected from malicious activity and threats of all kinds. Now more than ever, you need autonomy and safety as you reach the world via your internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?