6 Mar 2020

Coronavirus phishing attacks just won’t go away. As the novel coronavirus (COVID-19) outbreak continues to spread, cybercriminals have intensified their phishing attacks, adding fuel to the global crisis.
Beyond the devastating effects of the coronavirus, the outbreak is producing a perfect storm for cybercriminals. Cybercriminals are feeding on public anxiety and preying on victims using scare tactics and urgent calls to action to entice an ill-advised click. And to make matters worse, the global reach of the coronavirus means virtually everyone is a relevant target for a coronavirus scam.
We collected seven coronavirus phishing attack examples to shed light on the top tactics cybercriminals are using so you can prepare your employees for the threats they are facing now and in the foreseeable future.
Is your organization susceptible to phishing attacks? Find out today with a free Phishing Risk Test!

1. Safety measures turned malicious

This phishing attack impersonates a coronavirus specialist from the World Health Organization to trick victims with two malicious options. The email urges the victim to download a malicious file disguised as a safety document.
coronavirus phishing email
Image courtesy of Sophos
The same attack was spotted without the World Health Organization branding, but instead targeted to the victim’s region.
coronavirus phishing email
Image courtesy of Wired
The attack also gives the victim the option to click a “Safety Measures” button. If the victim clicks the link, they are redirected to a spoofed World Health Organization site and prompted to provide their email address and password.
coronavirus phishing email
Image courtesy of Sophos

2. Internal organization alert

This phishing attack takes a corporate approach by impersonating a company’s president to deliver an attachment disguised as tips to prevent infection. The attachment is designed to infect an employee’s machine with malware.
coronavirus phishing email
Image courtesy of Trustwave

3. New cases in your area

This attack preys on the fears of Coronavirus spreading near the victims’ location. Disguised as a CDC alert, this phishing email tricks victims into clicking a malicious link by offering an updated list of new cases of the virus documented near them.
coronavirus phishing email
Image courtesy of Trustwave

4. The donation scam

Like the tried-and-true donation scams used after natural disasters, this phishing attack solicits donations to fight the spread of the coronavirus. The attack imitates a CDC emergency outreach email and asks victims to deposit money into a Bitcoin account.
coronavirus phishing email
Image courtesy of Kaspersky

5. Information from the source

In this coronavirus phishing attack, the cybercriminal impersonates a doctor from The Central Hospital of Wuhan to play on victims’ fears, lend credibility to the email and convince the victim to download a malicious attachment.
coronavirus phishing email
Image courtesy of Mailguard

6. Coronavirus domains

Along with the phishing tactics above, one of the largest concerns facing cybersecurity researchers is the massive increase in coronavirus-themed domain registrations. Many suspect that these coronavirus-related domains will be used for phishing attempts like those listed above.
coronavirus phishing domains
Image courtesy of Checkpoint

7. Fake product scam

Beyond the coronavirus phishing threats listed above, the SEC is warning consumers of investment scams related to products claiming to prevent, detect or cure coronavirus. Future phishing attacks may leverage this same tactic.

Prepare your employees for coronavirus phishing attacks

Coronavirus phishing attacks show no signs of slowing down. We’ve already seen a wide range of tactics cybercriminals are using to scam victims, infect their devices and steal information. By providing your employees with simulated phishing training, you can not only help them detect these phishing attacks at work to keep your organization secure, but also help them develop more secure habits to stay secure at home.
Security awareness and simulated phishing platforms like Infosec IQ come loaded with topical phishing templates (including templates for the attacks above) to help you prepare your workforce and keep your organization secure.
Run a free phishing risk test to see how it works!


Post a Comment


Blog Archive

© Evarist Chahali 2006-2022

Search Engine Optimization SEO

Powered by Blogger.


Chaneli Ya YouTube