As the COVID-19 crisis wears on, the number of folks looking to cash in by stealing data from unsuspecting internet users continues to grow. Last week, the FBI issued an alert warning citizens of crisis-related fake emails. These frequently claim to be from the CDC, WHO, or other healthcare organizations, allegedly sharing health information about the virus. They often contain malicious attachments or links which should be avoided and deleted expeditiously. Others claim to be from the government, and ask users to confirm personal details so that they can receive their stimulus checks. Requests for charity contributions, offers of airline refunds, fake cures, “vaccines,” and even fake test kits have all been used to prey on users who are more stressed, more vulnerable, and frequently working from home equipment that is less closely managed by an IT company.
Stealing Data – According to a recent article in Forbes:
A report from cybersecurity company Recorded Future noted a significant rise in website registrations related to the COVID-19 virus, some of which it believes are being used to either pilfer information from recipients or infect them with malware.
Lindsay Kaye, director of operation outcomes at Recorded Future, specifically called out the following domains as potentially dangerous:
coronavirusstatus[.]space
coronavirus-map[.]com
blogcoronacl.canalcero[.]digital
coronavirus[.]zone
coronavirus-realtime[.]com
coronavirus[.]app
bgvfr.coronavirusaware[.]xyz
coronavirusaware[.]xyz
It should go without saying, but is strongly recommended that you avoid visiting any sites associated with these domains. If you receive email correspondence with links to any of these, delete it immediately. In fact, during this time of heightened risk and susceptibility, you and your staff should be doubly suspicious about any correspondence from people or organizations with which they are not familiar. Cybercriminals and even state-sponsored hackers are using the elevated level of fear to improve the effectiveness of their phishing attempts.
An email titled “ALERT – COVID-19 CASES IN YOUR AREA” or similar could be all it takes to convince them to click a malicious link. A single misstep could lead to harmful software infecting their machine and their network. This initial compromise could eventually put sensitive or even mission critical data at risk. Even with security measures like VPNs in place, if the malicious software can log keystrokes, it can collect usernames and passwords. Criminals can use these to gain access to your networks, your inbox and contacts, or even access banking websites.
Users need advice, guidance, and training to help make ALL of the parts of your network more secure. Make sure your remote staff are aware that they are always at risk – and encourage them to BE SUSPICIOUS.
Stay safe and be well.
Mike Kaufman, Vice President of the Managed Infrastructure & Cloud Services (MICS) Division, leads the team responsible for helping companies develop a modern IT strategy that includes a combination of cloud hosting, managed platform and application services and on-premise technology.