BE SUSPICIOUS! Phishing in the time of COVID-19   

March 30, 2020
Mike Kaufman

As the COVID-19 crisis wears on, the number of folks looking to cash in by stealing data from unsuspecting internet users continues to grow.  Last week, the FBI issued an alert warning citizens of crisis-related fake emails.  These frequently claim to be from the CDC, WHO, or other healthcare organizations, allegedly sharing health information about the virus.  They often contain malicious attachments or links which should be avoided and deleted expeditiously.  Others claim to be from the government, and ask users to confirm personal details so that they can receive their stimulus checks.  Requests for charity contributions, offers of airline refunds, fake cures, “vaccines,” and even fake test kits have all been used to prey on users who are more stressed, more vulnerable, and frequently working from home equipment that is less closely managed by an IT company.

Stealing Data – According to a recent article in Forbes:

A report from cybersecurity company Recorded Future noted a significant rise in website registrations related to the COVID-19 virus, some of which it believes are being used to either pilfer information from recipients or infect them with malware.

Lindsay Kaye, director of operation outcomes at Recorded Future, specifically called out the following domains as potentially dangerous:

coronavirusstatus[.]space

coronavirus-map[.]com

blogcoronacl.canalcero[.]digital

coronavirus[.]zone

coronavirus-realtime[.]com

coronavirus[.]app

bgvfr.coronavirusaware[.]xyz

coronavirusaware[.]xyz

It should go without saying, but is strongly recommended that you avoid visiting any sites associated with these domains. If you receive email correspondence with links to any of these, delete it immediately.  In fact, during this time of heightened risk and susceptibility, you and your staff should be doubly suspicious about any correspondence from people or organizations with which they are not familiar.  Cybercriminals and even state-sponsored hackers are using the elevated level of fear to improve the effectiveness of their phishing attempts.

An email titled “ALERT – COVID-19 CASES IN YOUR AREA” or similar could be all it takes to convince them to click a malicious link. A single misstep could lead to harmful software infecting their machine and their network.  This initial compromise could eventually put sensitive or even mission critical data at risk. Even with security measures like VPNs in place, if the malicious software can log keystrokes, it can collect usernames and passwords. Criminals can use these to gain access to your networks, your inbox and contacts, or even access banking websites.

Users need advice, guidance, and training to help make ALL of the parts of your network more secure.  Make sure your remote staff are aware that they are always at risk – and encourage them to BE SUSPICIOUS.

Stay safe and be well.