Fresh warnings have been issued about coronavirus phishing scams that are being conducted to steal sensitive data and spread malware. Multiple threat actors are taking advantage of fear about COVID-19 to conduct attacks, and as February has progressed, the number of COVID-19-themed phishing campaigns has increased dramatically.
Earlier this month, the U.S. Federal Trade Commission (FTC) issued an alert warning that cybercriminals were exploiting fear about COVID-19 by conducting phishing campaigns, sending SMiShing text messages, and using social media networks and websites to steal data, spread malware, and sell fake products, such as fake drugs claimed to protect against infection.
IBM X-Force researchers similarly identified a campaign that used fake warnings about COVID-19 to infect recipients with the Emotet Trojan. The emails included Word attachments that contained malicious macros that downloaded Emotet.
Researchers at KnowBe4 also intercepted phishing emails that masqueraded as alerts from the U.S. Centers for Disease Control and Prevention (CDC). The emails appeared to have been sent through the CDC Health Alert Network. The emails claimed to offer information about recently diagnosed cases in the recipient’s city but directed users to a phishing website where email credentials were harvested.
Security researchers at Sophos identified a phishing campaign in which email recipients were advised to take measures to prevent infection. The emails appeared to have been sent by the World Health Organization (WHO) and attempted to steal sensitive information.
Now WHO has issued its own warning about coronavirus phishing scams following several reported cases of threat actors spoofing WHO. A variety of campaigns have been detected that attempt to steal usernames and passwords, direct recipients to malicious websites where malware is downloaded, or spread malware via malicious email attachments.
WHO has confirmed that emails sent by official WHO personnel only come from the @who.int domain and never from who.org, who.com, or any other who-related domain. If a link is supplied in an email, do not click it even if it appears to be the correct who.int domain. Instead, visit the who.int website directly by typing the address into the browser. WHO has also confirmed that its emails never ask users to divulge their login credentials, that it does not send unsolicited email attachments, that links would only direct a user to the www.who.int domain, and that it never sends requests to donate directly to emergency response or funding appeals.
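WHO's stated rules (mail only from @who.int, links only to www.who.int, no unsolicited attachments) can be expressed as a mail-filter check. The Python below is an added example, not code from WHO or from any vendor named in this article; the function name, the heuristic for deciding that a message presents itself as WHO, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SENDER_DOMAIN = "who.int"    # only domain WHO says its staff send from
LINK_HOST = "www.who.int"    # only host WHO says its links point to
# Assumption: a message "presents as WHO" if these appear in From/Subject.
WHO_CLAIM = re.compile(r"\bWHO\b|(?i:world health organi[sz]ation)")
URL = re.compile(r"https?://[^\s<>\"']+")

def check_message(raw):
    """Return reasons a WHO-themed message breaks WHO's stated rules.

    An empty list is not proof of authenticity: the From header can be
    forged, so this only flags messages and never clears them.
    """
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    labels = re.split(r"[.-]", domain)
    if not (WHO_CLAIM.search(f"{display} {msg.get('Subject', '')}")
            or "who" in labels):
        return []                       # not WHO-themed, out of scope
    findings = []
    # Exact match: endswith() would accept e.g. "notwho.int".
    if domain != SENDER_DOMAIN:
        findings.append(f"sender-domain:{domain}")
    text = ""
    for part in msg.walk():
        if part.get_filename():
            findings.append(f"attachment:{part.get_filename()}")
        elif not part.is_multipart():
            text += part.get_payload()  # assumes unencoded text parts
    for url in URL.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if host != LINK_HOST:           # catches www.who.int.<other domain>
            findings.append(f"link-host:{host}")
    return findings

# Constructed sample messages (not real captures).
SPOOF = """From: "World Health Organization" <alerts@who.org>
Subject: Coronavirus safety measures

Review the measures at http://www.who.int.example.net/safety
"""
GENUINE_LOOKING = """From: WHO <news@who.int>
Subject: Situation report

See https://www.who.int/emergencies
"""
```

A message that returns no findings should still be handled as WHO advises: go to who.int by typing the address, not by following the link.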