Broker Check

Coronavirus Cyberscam Update

April 28, 2020

Although it seems repetitive, the continuing evolution of cyberscams during the COVID-19 pandemic requires constant updates. As posted by computer security researcher David Balaban on Cyber Security Intelligence here are current trends:

  • Phishing emails posing as healthcare alerts from legitimate organizations to get recipients' credentials or steal from them. (Hint: get information directly from news sources or official websites.)
  • Business email compromise attacks impersonate senior management and request aging reports from finance department employees on non-paying customers. Then they contact the customer to send payment to a different bank used by the fraudster.
  • Deceptive emails purporting to be from WHO asking the recipient to click on a link revealing their password. (Before clicking to any link, be sure it's https not http.)
  • Other pseudo alerts are purportedly from the CDC with regional infection updates. (You can get updates from your local news station.)
  • Hackers in other countries impersonate government officials using remote access tools to collect sensitive information. 
  • Ransomware attacks may be a screen for Trojans stealing sensitive information. Ransomware attackers are also threatening to sell or release stolen information unless their victims pay ransoms of millions of dollars in bitcoin.
  • Fake COVID-19 maps are a cover for Trojans stealing information.
  • A new FormBook infection impersonates the WHO with fake updates while downloading malware. 
  • A remote access tool (RAT) codenamed Remcon masqurades as coronavirus safety measures while stealing information.
  • Lokbit malware uses phishing emails disguised as Chinese emergency regulations targeting specific industries.
  • Fake  drug marketplace sites target users looking for cures.  
  • Malware has been loaded onto websites with COVID-19 information, infecting users.
  • Mobile applications, disguised as providing COVID-19 information, are downloaded to mobile phones to extract sensitive data.

The best way to avoid these scams is to beware all email alerts from unfamiliar sources. Other recommendations from the FTC include using reputable sites for updates; avoid ads for vaccines or other "cures"; don't make donations to email sites by cash, gift cards or wire transfer; ignore offers to invest in new drugs. Also, ignore emails not specifically addressed to you or which try to panic you into action.