Criminals are using the COVID-19 pandemic to carry out phishing and malware attacks.
This is according to a joint advisory from the UK’s National Cyber Security Centre and the US Cybersecurity and Infrastructure Security Agency.
The agencies observed a rise in the use of COVID-19-related themes in attempts to harvest sensitive user data or to swindle users out of money.
The threat has been amplified by the increase in remote working as more people are confined to their homes due to governmental restrictions on movements.
“At the same time, the surge in home working has increased the use of potentially vulnerable services, such as VPNs, amplifying the threat to individuals and organisations,” the advisory stated.
How the attacks work
The attackers exploit general curiosity and concern over the COVID-19 virus to prey on users.
Scammers will often pretend to be trusted entities and use social engineering methods to persuade users to carry out a certain action.
“To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization or an individual with ‘Dr.’ in their title.”
“Other examples purport to be from an organisation’s human resources department and advise the employee to open the attachment,” it added.
This convinces users to click on a link or download an attachment that may compromise their information or the integrity of their systems.
Additionally, the attackers are exploiting COVID-19 to steal user credentials – such as for email services from Google and Microsoft.
“Spoofed pages are designed to look legitimate or accurately impersonate well-known websites. Often the only way to notice malicious intent is through observing the website URL,” the advisory said.
“In some circumstances, malicious cyber actors specifically customise these spoofed login pages for the intended victim,” it warned.
What to look for
The advisory detailed examples of phishing campaigns carried out via email.
Users should be wary of emails that may have subject lines such as the following:
- 2020 Coronavirus Updates
- Coronavirus Updates
- 2019-nCov: New confirmed cases in your City
- 2019-nCov: Coronavirus outbreak in your city (Emergency)
Malicious file attachments used to deliver malware payloads could be named with coronavirus or COVID-19 themes, with one example the advisory gave being “President discusses budget savings due to coronavirus with Cabinet.rtf”.
Although most of these attacks are carried out via email, the advisory said that SMS was also being used.
“Historically, SMS phishing [Smishing] has often used financial incentives, including government payments and rebates (such as a tax rebate) as part of the lure,” it explained.
“Coronavirus-related phishing continues this financial theme, particularly in light of the economic impact of the epidemic and governments’ employment and financial support packages.”
One example it noted was a series of SMSs using a UK government-themed lure to harvest emails, addresses, names, and banking information.
The SMSs include a link which directs the user to a phishing site, where they may type in their details thinking it would be used by a legitimate entity.
South Africans at risk
It is advisable to not click on any links or attachments in emails or text messages purporting to provide coronavirus details or relief unless these are from official channels or sources.
Similar trends have been noted in South Africa, as the South African Banking Risk Information Centre (SABRIC) warned on 17 March 2020.
SABRIC provided the following tips to bank customers on how to avoid becoming a victim:
- Do not click on links or icons in unsolicited emails.
- Never reply to these emails.
- Do not believe the content of unsolicited emails blindly.
- Check that you are on the authentic/real site before entering any personal information.
- Do not click on links or icons in unsolicited SMSs.
- Do not reply to these SMSs..
- Do not believe the content of unsolicited SMSs blindly.
- Regard urgent security alerts, offers, or deals as warning signs of a hacking attempt.
Trusted source of COVID-19 information
South Africans have several options when it comes to getting reliable updates on COVID-19, primarily: COVID-19 South African Resource Portal.