Cyber criminals are using the ongoing coronavirus outbreak to spread malware

Coronavirus-themed phishing emails are targeting email credentials

Malicious actors are sending coronavirus phishing and malware emails, disguising themselves as legitimate healthcare organizations. The global Coronavirus outbreak is not showing any signs of backing down, and cyber crooks are quick to make use of the ongoing panic for their malicious purposes. That is not surprising since they are always looking for ways to exploit situations and vulnerable people. This time, they are pretending to be Centers for Disease Control and Prevention (CDC) as well as other healthcare agencies.

The phishing campaign that’s currently going around is trying to trick users into exposing their email login credentials, which would essentially give cyber crooks access to any accounts associated with the email address. The email is nothing too elaborate or sophisticated but it looks real enough that users would engage with it.

The email is disguised to look like it was sent from the Centers for Disease Control and Prevention, a legitimate US federal agency. The organization has supposedly been monitoring the 2019 coronavirus outbreak and has made up a list of new cases close to the recipient of the email. The recipient is advised to check the list in order to avoid danger.

A link is provided in the email, and it leads to a site trying to imitate Outlook, making it seem like users first need to login to their email account in order to access the list. If users try to log in into the fake site, they would be handing over their login credentials directly to cyber crooks.

What are the signs of a coronavirus phishing email?

The coronavirus phishing email is a pretty obvious attempt but it does have some effort put into it to make it seem more real. The sender’s email address is pretty random but the domain looks a lot like the CDC one, and for users who are not familiar with the legitimate domain, this may not be suspicious at all. And since many people are worried about the coronavirus outbreak, a healthcare organization sending cautionary emails may also not be something out of the ordinary.

While other signs may slip past many users, the biggest red flag is the link provided in the email. While it appears legitimate at first sight, if users were to click on it, they would be taken to a website trying to imitate Outlook’s login page. It goes without saying that users will never be asked to provide their email login credentials to access new articles, or any other kind of content. In general, unless users have manually entered a site, they should never try to log in. Avoiding clicking on any links in emails is also a good idea, and if accessing an account is necessary, users can do it by manually going to the site.

Coronavirus-themed emails are also spreading malware

In addition to phishing for email credentials, malicious actors are also distributing malware in coronavirus-themed emails. Researchers at Kaspersky have reported that the malware is distributed as attachments, which are disguised as instructions and educational documents related to the coronavirus 2019 outbreak.

“Kaspersky’s technologies have found malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments and even virus detection techniques,” Kaspersky’s report says.

Fortunately, as long as the email attachments remain unopened, they pose no threat. It’s important to always be careful when opening unexpected email attachments, and if users do not recognize the sender, best not to open the file. And if opening it seems necessary, at least scanning it with anti-malware software is recommended.

Scammers are also taking advantage of the 2019-2020 coronavirus outbreak

US Federal Trade Commission has warned people of scammers selling fake medication and trying to get donations. According to the government agency, scammers are creating websites in order to sell fake products, and are using all kinds of means to raise interest.

“They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information,” the FTC has said.

Not only could those posts and emails be promoting fake medication and other products, but also spread misinformation in order to create even more panic, and even ask for donations for supposed coronavirus relief efforts and charities.

The FTC advises users to not click on links from sources they do not recognize, ignore emails claiming to be from the CDC, not buy questionable medication or vaccines advertised online, and do research before making donations to charities.