Scam emails and phishing campaigns are surging as the COVID-19 pandemic is taking hold on a global level. Bitdefender telemetry reveals that attackers are changing and diversifying their messages to reach as many people as possible.
Most phishing campaigns follow a shotgun approach, which means that criminals send messages indiscriminately, trying to reach as many people as possible. Usually, this is achieved through the use of zombie bot networks that send thousands of emails to addresses leaked in various data breaches.
As you can imagine, the messages contain all kinds of information about the pandemic or use it in some way to trick users. Most of the time, they try to persuade users to open an attachment and install some form of malware.
Spreading like wildfire
Bitdefender spotted a growing trend a month ago when the number of malicious reports jumped from 1,448 in February to 8,319 in the first 16 days of March. This represents a 475% increase in a single month.
Healthcare firms – hospitals & clinics, pharmaceutical institutions and distributors of medical equipment – were the most common targets, but the malicious emails are spreading into the general population and other industries as well. Here are a few examples of spam intercepted by Bitdefender’s detection engines.
This one is addressed to a company’s purchase department, urgently asking for a Swift quote. The attacker claims to need an offer soon and says the recipient only needs to check the attachment, which actually holds an executable file.
UPS – Pending delivery
Since a lot of people are staying inside, many products are now delivered directly to the house or apartment. So attackers have crafted a message that simply says the following: “Your package has reach our warehouse and due to coronavirus outbreak, you will need to come to our warehouse to get it, check the attactment for details.”
Although riddled with grammatical errors, such messages always try to make people look inside the attached files. In this case, the attachment is an ISO file so, when the user opens it, the operating system mounts the ISO as a DVD, which has an executable file inside, waiting to deploy malware on the device.
Finally, another malicious message is addressed to companies, claiming to show a picture of infected people inside the organization: “Please find attached the picture picture of your staff with the COVID-19 viral infection. We have commenced her isolation and tracing all previous contacts.
You are advised to inform all other persons in your organisation to quickly begin the self isolationprocedue before their result is anounced.”
Of course, people are invited to open the attachment, an IMG file, which also opens as a mounted DVD, revealing an executable file.
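The ISO and IMG attachments described in these samples can be flagged at the mail gateway or during triage. The following is an added example, not Bitdefender's code: it parses a raw message and flags attachments by disk-image extension, by the ISO 9660 volume descriptor inside the file, and by a Windows executable header. The function names, addresses and sample message are constructed for illustration.

```python
# Added example: flag e-mail attachments that are disk images or executables.
from email import message_from_bytes, policy
from email.message import EmailMessage

IMAGE_EXTS = (".iso", ".img")
ISO9660_OFFSET = 0x8000  # primary volume descriptor sits at sector 16 (16 * 2048)

def classify(filename, data):
    """Return the reasons an attachment is suspicious (empty list if none)."""
    reasons = []
    if (filename or "").lower().endswith(IMAGE_EXTS):
        reasons.append("disk-image extension")
    # ISO 9660: one descriptor-type byte, then the identifier "CD001".
    # Checking content catches images that were renamed to look harmless.
    if data[ISO9660_OFFSET + 1:ISO9660_OFFSET + 6] == b"CD001":
        reasons.append("ISO 9660 volume descriptor")
    if data[:2] == b"MZ":
        reasons.append("Windows executable header")
    return reasons

def scan_message(raw):
    """Parse a raw message; return {filename: reasons} for flagged attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = classify(part.get_filename(), data)
        if reasons:
            flagged[part.get_filename()] = reasons
    return flagged

def build_sample():
    """Constructed sample: a minimal fake ISO image plus a harmless text file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "purchasing@example.com"
    msg["Subject"] = "Pending delivery"
    msg.set_content("Check the attachment for details.")
    fake_iso = bytes(ISO9660_OFFSET) + b"\x01CD001\x01" + bytes(2041)
    msg.add_attachment(fake_iso, maintype="application",
                       subtype="octet-stream", filename="details.iso")
    msg.add_attachment(b"hello", maintype="text", subtype="plain",
                       filename="note.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", ", ".join(reasons))
```

Raw IMG files are not always ISO 9660 images, so the extension check and the content check are kept separate and either one is enough to flag the attachment.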
Coronavirus spam is here to stay
We have already seen a substantial increase in malicious spam, and there’s no indication it will slow down. If anything, the messages and malware are going to change with the evolution of the pandemic, which means that people need to always be on guard.
As usual, the best course of action is to never open emails from unknown sources. In this case, even a message that seems to come from an official source such as the World Health Organization, the CDC, or some other authority is likely fake. Finally, having a powerful security solution installed should be a bare minimum for any user.