COVID-19 is being used in a variety of malicious campaigns including cyber threats, email scams, malware file names, ransomware, and malicious domains. Businesses and average Americans are a target as hackers look to take advantage of the panic and chaos caused by the virus. As the number of those afflicted continues to surge, campaigns that use the disease are also on the rise.
While the general population is conducting business from home, many aspects of business – from online videos to meetings and shared files – users need to be aware of cybercriminals using various scams to lure them in, steal data or hold their business for ransom.
For most Americans, the most worrying cybersecurity trend has been the spike in malicious email scams in relation to the coronavirus, with cyber criminals using concerns around the pandemic to steal their data and blackmail individuals for money.
Researchers at CPI Investigations found a 700 percent increase during the month of March in emails scams using the coronavirus to trick individuals into clicking links or downloading attachments that included computer viruses, such as ransomware that lock up computers and demand a ransom to unencrypt them.
Many businesses and health agency websites have been targeted by ransomware attacks, including the website of the Champaign-Urbana Public Health District in Illinois, which serves around 200,000 people. The agency’s website was offline for several days while experts struggled to bring it back up, significantly limiting the ability of health officials to communicate with the public.
Esaun Pinto, President of CPI Investigations urges the public to watch out for these phishing emails while working from home. Additionally, the FBI specifically urged caution for emails involving information on coronavirus relief checks from the stimulus package signed by President Trump and those from groups claiming to be the Centers for Disease Control and Prevention.
“Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both,” the FBI wrote in the alert. “Don’t let them.”
“As the Coronavirus pandemic continues the security of businesses and American citizens is critical to ensuring that federal agencies are responsible for protection against these scammers and support local security companies and our response to the crisis so we can continue to provide trusted protection to the American people,” Pinto said.
Trendmicro, a security services platform, offers a Reputation Service team which found coronavirus-related emails with malicious attachments sent to users as early as February 2020. Below are some examples:
Example: Early COVID-19 related malicious email
There are ongoing business email compromise (BEC) scams that use the disease as a hook. BEC schemes usually work by tricking targets into transferring money to a criminal posing as someone from within the same company. The email below, an example from Trendmicro, uses the ongoing health crisis to push for urgent action.
Example of a BEC email using COVID-19
Trenmicro also detected emails claiming to be relief or health organizations asking for donations in bitcoin. The emails were sent by a group claiming to be “COVID19Fund,” which is supposedly associated with legitimate health organizations. They ask for aid and provide a cryptocurrency wallet where people can donate.
Example: Text from scam email asking for aid for the World Health Organization
Trendmicro also parsed data from their Smart Protection Network and found more information about the variety of threats using COVID-19 to manipulate targets. Spam is the main offender. Almost 70% of all the threats leveraging the virus were spam messages.