COVID-19/Coronavirus Phishing Trends

March 13, 2020

The worldwide spread of COVID-19/Coronavirus has led to an increasing number of phishing emails that exploit the fear and uncertainty surrounding the disease to lure victims into installing several forms of malware. These attempts most often come from senders pretending to be a legitimate authority such as the World Health Organization (WHO), Center for Disease Control (CDC), local health organizations, or company leadership or Human Resources. While we acknowledge that legitimate organizational email regarding COVID-19/Coronavirus is highly likely, R9B recommends heightened awareness around all emails on this topic.

The following guidance is suggested to combat this trending phishing threat:

  • Scrutinize the sender’s email address. This will separate the obvious attempts, but there have been reports of emails from official domains being used to spread malware. The CDC and the WHO will not contact the general public through email.
  • Be wary of links within emails. Malicious actors are registering Coronavirus-based domains at an increased rate. Attempt to use the parent website to navigate to the intended page. For example, manually navigate to who[.]int and search for “COVID-19” instead of clicking an email-embedded link.
  • Do not open attachments that are not expected.
  • Ensure macros for Office products are disabled.
  • Do not enable content for any non-critical file extensions, for example, .js and .hta.
  • Be wary of any email that does not load properly in your email client. One attack vector we have encountered is a poorly constructed email with a link that says “To view this email in a browser, click here…” Following the link leads the user to a malicious website.
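
Several of the checks above (sender address, links to Coronavirus-themed domains, .js/.hta attachments, and the “view this email in a browser” lure) can be sketched as a mail-triage script. This is an added example, not R9B tooling; the keyword-to-domain map, the finding labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: display-name keywords mapped to the official domains of the bodies the advisory names.
OFFICIAL = {"who": "who.int", "world health organization": "who.int", "cdc": "cdc.gov"}
THEME = re.compile(r"covid|corona", re.I)
RISKY_EXT = (".js", ".hta")  # extensions the advisory calls out
BROWSER_LURE = re.compile(r"view this email in a browser", re.I)
HREF = re.compile(r'href=["\'](https?://[^"\']+)', re.I)

# Constructed sample message; every address and domain in it is made up.
SAMPLE = '''From: "World Health Organization" <alerts@who-int.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>To view this email in a browser, <a href="http://covid19-update.example/view">click here</a></p>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="guidance.hta"

--b1--
'''

def under(host, domain):  # True if host is domain or one of its subdomains
    return host == domain or host.endswith("." + domain)

def triage(raw):  # returns a list of findings for one raw message
    msg, findings = message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    if any(re.search(rf"\b{k}\b", display, re.I) and not under(sender, d) for k, d in OFFICIAL.items()):
        findings.append(f"sender-mismatch:{sender}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"risky-attachment:{fname}")
        if fname or part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        if BROWSER_LURE.search(body):
            findings.append("view-in-browser-lure")
        for url in HREF.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if THEME.search(host) and not any(under(host, d) for d in OFFICIAL.values()):
                findings.append(f"themed-domain:{host}")
    return findings
```

Calling `triage(SAMPLE)` returns all four findings. An empty result only means none of these heuristics fired; as noted above, mail from official domains has also been used to spread malware.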

R9B continues to track these schemes and works to defend against them by providing intelligence-led Network Defense and HUNT services.