5 Cybersecurity Threats that Take Advantage of People’s COVID-19 Fears

March 30th, 2020   |     |  security and compliance, culture & news

In our previous postings, we covered WHO and CDC Phishing Scams and Coronavirus Conspiracy Theory Lures. We wanted to make sure you were informed of the cybersecurity attacks that were occurring related to COVID-19.

Unfortunately, these attacks are increasing and many of them are focusing on remote workers since many organizations have transitioned to a work from home model. We always want to make sure that your audience is up-to-date on the current threats so in this blog post we have summarized and provided examples of what we are seeing.

1. Fake Emails From the CDC and the WHO

From the beginning of COVID-19, we have seen several email phishing attacks from cyber criminals posing as government organizations. These have typically appeared to be from either the CDC or WHO and have prompted recipients to click on a malicious link to “more information about COVID-19.” Take a look at some examples:

Fake email from CDC

Fake COVID-19 email

2. Fake Emails Offering Financial Assistance

We are also seeing email phishing attacks offering financial assistance to recipients. As an example, the email below appears to be from the UK government and asks you to click on a link in order to sign up for a tax refund program. These emails are seeing wide circulation since the recent COVID-19 crisis has many people out of work and these emails appear to offer some relief.

Emails about financial assistance

3. Fake Texts and Phone Calls Promising Information

Cyber criminals are not only taking advantage of people’s emails, they are also attempting to contact potential victims via text messaging or phone calls. These smishing and vishing attacks are simply promising the same information that the phishing attacks are; they are just taking on a different mode of communication. Take a look at the text example below—this text masquerades as information from the government asking you to click on a link.

Phishing

4. Fake COVID-19 Informational Websites.

Everyone is looking online and on news websites to find out real-time information about the COVID-19 outbreak, Cyber criminals are also taking advantage of people’s daily habits by standing up fake malicious websites. This fake website, Corona-Virus-Map.com, contains spyware that can steal your personal information.

Fake COVID-19 malicious website

5. Fake Apps Offering COVID-19 Assistance

In today’s digital world, bad actors don’t just stop at emails and websites. We are also seeing cyber criminals develop apps. This is an example of an Android app that promises to send you a mask if you install the app and use the order form. It actually wants to access all your contacts so that it can spam them.

Fake COVID-19 apps

As always we urge you to be vigilant and to train your user base on how to recognize and handle these types of attacks. Make sure your users STOP.

  1. Stop
  2. Take a Deep Breath
  3. Opportunity to Think
  4. Put the email into Perspective and report the Phish, SMISH, or Vish. Report to your Security Team or IT team for investigation.

If they stop and take a deep breath they will have time to think. They will have time to make sure they recognize the person sending them a link or an attachment before they click on that link or download the file; they will have time to notice that certain key words are misspelled. And perhaps they will think twice before providing any personal information or clicking allow when prompted to share all their contacts. Most importantly, they should report anything that seems suspicious to the appropriate team.

Find more resources that we have put together to help you face COVID-19.

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Alicia Townsend, Dir. of Content and Documentation
About the Author

For almost 40 years, Alicia Townsend has been working with technology as both a consultant and a trainer. She has a passion for empowering others to use technology to make their lives easier. As Director of Content and Documentation at OneLogin, Ms. Townsend works with technical writers, trainers and content marketing writers to inspire and empower everyone to take advantage of what OneLogin’s platform has to offer them.

View all posts by Alicia Townsend

Secure all your apps, users, and devices