Coronavirus Phishing Scams: How Hackers Are Exploiting Victims

With the latest global threat of COVID-19, hackers are using Coronavirus phishing scams to prey on the fears of their victims.

It’s no surprise that the general public is anxious about their own safety and the safety of their loved ones. But besides the threat of Coronavirus, there is another threat lurking: cyber criminals looking to play on the fears of those concerned with Coronavirus by targeting them with phishing emails. To learn more about phishing emails, visit our earlier blog post “Why phishing attacks are a growing threat to your business.”

Examples of Coronavirus Phishing Scams

The BBC, along with leading cyber security providers such as Kaspersky, reports that numerous email scams are doing the rounds, designed to mislead concerned people into clicking the links within those emails.

The BBC has tracked the top 5 email campaigns that are being used. These are:

  1. Click here for a cure – this scam purports that a doctor has details about a vaccine being covered up by the Chinese and UK governments. The email contains a link, and when you click it, you are taken to a credential harvesting website.
  2. COVID-19 Tax Refund – an email scam claiming to be from the UK government encouraging recipients to click a link to “claim their funds”. Clicking the link takes the victim to a fake government website asking for their financial and tax information.
  3. Little measure that saves – this email scam purports to be from the World Health Organisation (WHO) and claims to give details on how to prevent the spread of COVID-19 in an infected attachment.
  4. The virus is now airborne – this email appears more authentic because it uses a spoofing tool to show a legitimate email address from the Centers for Disease Control and Prevention. Clicking the link redirects the recipient to a Microsoft login page that harvests their email account credentials.
  5. Donate here to help the fight – this email campaign uses a fake Centers for Disease Control and Prevention email address and asks for donations to develop a vaccine. The email asks for donations in the cryptocurrency Bitcoin.

Sky News also reports that banks are warning customers to be aware of fake text message scams known as ‘smishing’. These are sent to the general public by fraudsters impersonating other organisations in a bid to get personal and financial information or money.

Here’s MMRIT’s top 5 tips to help you stay secure.

  1. Question, question, question. Always question why you are receiving the email, who it’s from, and how they got your email address. If it is a company you don’t know, and you haven’t given them your details or permission to email you, delete the email immediately.
  2. Is it safe to click the link? Hover your cursor over links in emails to reveal the link destination. If it looks suspicious, don’t click it.
  3. Does the email make sense? Check the spelling and grammar of the email. Does it read well? Does it make sense?
  4. Look at the tone of voice. Look out for emails that play on fears, emotions or a sense of urgency such as “act now”.
  5. Follow email best practices. Where possible, use Two Factor Authentication (2FA) to add an extra layer of security to your email accounts in case your password becomes compromised. Make sure your email security is up to date.

Need further help?

At MMRIT we’re here to help. We have a range of cyber security services designed to minimise cyber risks and keep you safe. To learn more or to discuss your current security provisioning, contact us.
