New Coronavirus Flavoured Phishing Email Scams
Email scams are nothing new, just about everyone has heard of that one Nigerian Prince for example, but there is another phishing scam doing the rounds and unsurprisingly it is Coronavirus flavoured.
Gmail users alone are being targeted with up to 18 million phishing email hoaxes every single day. Of course, it doesn’t end there with ‘regular’ email users – healthcare professionals are being targeted also.
Criminal gangs have reportedly been emailing these professionals, pretending to be their own IT teams or companies that the recipient’s organization is partnered with. Those sent these emails are redirected to a fake website, posing as a legitimate site, where they are encouraged to enter personal details. This is not a new tactic either, but with these people preying on people’s fears, is there a way to spot a phishing scam?
Protecting yourself and your organization
Advanced technologies can be used by specialist security companies in order to analyze links within emails. This can help prevent a user from visiting a bogus website and stop any premeditated malicious activity. When it comes to identifying a phishing email yourself, there are several things you can do in order to weed them out.
Firstly, you need to be mindful of the fact that many companies will not ask you to click a link in order to ask you to log in – they will simply ask you to log in from a browser after exiting the email. Now, they may include a link to the site but it’s almost never a login page – making the URL easy to distinguish between fake and genuine.
Speaking about URLs, if you click or tap the sender’s email address, you can see if it looks ‘deceptive’ or not. It should be noted that the address first displayed can be spoofed, but the one displayed upon clicking is the address the email actually came from.
Less sophisticated scam emails are often littered with spelling and grammar mistakes, and these are relatively easy to spot. Legitimate emails are written by real people and so can contain errors, but it is highly unlikely.
If you are working for an organization, the scams (like the new coronavirus phishing emails) are likely to be more sophisticated, so it’s best to leave it to the professionals – you can contact us for a chat anytime.
What do coronavirus phishing scams aim for?
The campaigns that have been identified thus far seem to have either one of two aims: to either infect a user’s device with malware (malicious software) or to trick a recipient into placing orders for equipment and instead of placing the money into their own fraudulent accounts.
In the case of the latter, emails disguised as purchase orders from an existing customer (orders, very often for medical supplies) are designed to trick people into sending money to a bogus account.
Ryan McConnell, founder of R. McConnell Group PLLC, a law firm in Houston, has said on the subject “With the coronavirus, it’s a heightened risk because it’s a good vehicle for fraud and people are scared,”. It is easy to see why cybercriminals are using people’s fear of the virus.
Coronavirus phishing emails first started to be reported in January, in Japan, with criminals posing as local health-care providers.
These scams were, and still are, being tracked by IBM Security:
“It was very focused on enterprise users and came in a message that would look like it’s a reply to something, or a warning that people are getting from the government. It could have been pretty effective at infecting company users” – Limor Kessem, Exec. Security adviser.
There have also been emails coming from other sources that many would immediately trust. As the screenshot shows below, the details and imagery used by the World Health Organization are also being put to use:
At first glance, it looks completely legitimate – which of course is the point. What gets downloaded is the aforementioned malware files.
Because the majority of organizations rely on email for standard communication, policy updates, etc., these types of attacks can be very successful if the target isn’t extremely careful.
Keeping your business and employees updated on these and other methods of attack become more important as time goes on, especially in wealthier nations where these emails are strategically more sophisticated.
You can request a free trial with us, for 30 days, so that you can see exactly what we can do to protect you and your organization. Get in touch with us today, we’re always happy to chat.
