What is happening?
As part of our ongoing efforts to ensure that our audience remains informed about the latest threats to their data, we wanted to let you know about another scam related to fears around COVID-19. Not only are malicious attackers sending out phishing emails, text messages, and making phone calls pretending to be the WHO or the CDC (see Part 1 of this series), but these attackers are leveraging emotional messaging and fear to lure victims.
Individuals fall victim by carrying out the action the message asks for: opening the attachment, clicking the link shared by email or SMS, or giving out sensitive information such as account credentials over the phone. Once they have taken any of these actions they are at risk and need to act quickly to limit the impact on their systems, accounts and sensitive or personal data.
One of the most prevalent social engineering attacks is a phishing email with the subject, “Confidential Cure Solution on Coronavirus”. The body of the email includes several conspiracy theories and suggests that the virus was created by scientists as a form of control and the reader is prompted to download a document that supposedly contains information about a cure for the virus. The downloaded file then infects the reader’s machine with malware.
The approach differs from the one described in Part 1 of this series, but the malware's goal is the same: infecting the individual's device, whether laptop or mobile phone. The infected device is then open to further compromise, because the malware takes advantage of security bugs or technical vulnerabilities that have not been patched on it. Malware families such as Emotet and AZORult are being delivered to these systems, along with the Agent Tesla keylogger and the NanoCore RAT. The attackers have found a formula that works.
What can you do to protect yourself and your users?
Our OneLogin Trust and Security guidance is to “Stay Security Conscious.”
Coronavirus-themed Phishing, Smishing (phishing via SMS messages) and Vishing (phishing via phone or VoIP) are simply another flavor of social engineering: the attackers aim to provoke an emotional response that pushes individuals to click the link without thinking.
When you receive an unexpected email, SMS text message or phone call, use the S-T-O-P principle:
- Take a Deep Breath
- Opportunity to Think
- Put the email into Perspective and report the Phish, Smish, or Vish to your Security team or IT team for investigation.
It may seem obvious and we have stated it before, but you need to warn and educate your users. Remind your users to never open attachments from senders they don’t already know. Inform your users of all the various forms that these phishing attempts may take. The FTC has provided some specific recommendations regarding these attacks related to the coronavirus:
- Ignore online offers for vaccinations. If there had been a medical breakthrough, it would be widely announced through the media and ads.
- Do your homework when it comes to donations, whether through charities or crowdfunding sites.
- Be alert to “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value as a result.
“Security First” - OneLogin Trust and Security Reminder
“Security First” is how we operate at OneLogin today.
As our customers, you set and manage the security policies in the OneLogin service and product offerings, so you can configure your security policies and settings to match your company's risk appetite and corporate policy requirements. We therefore want to remind you:
OneLogin and/or any of our personnel will never contact you directly asking you to change your account password.
Should you receive an email, SMS text message or phone call of this nature, please report it to your OneLogin administrator and security team, and send it to us for investigation: firstname.lastname@example.org
Your security is of the utmost importance to us. These cybercriminals keep expanding their efforts. Let us help you keep your user access secure.