Hackers using coronavirus conspiracy theories to spread phishing scams

14 Feb 2020


Tapping into fears of a coronavirus pandemic, fraudsters are sending phishing emails promising a potential ‘cure’.

To a number of hackers and fraudsters, the onset of the recent coronavirus outbreak (Covid-19) has become a potential goldmine for exploiting vulnerable people online. Cybersecurity firm Proofpoint has detected a surge in scams that pretend to come from legitimate sources such as the World Health Organisation (WHO).

They target those who might believe conspiracy theories about the spread of the virus and potential cures. One email seen by Proofpoint claimed that a cure for the virus is being hidden by governments and is actually a bioweapon. The basic phishing scam then urges the recipient to find out more about this fake cover-up by clicking a link in the email.

They are then taken to a fake DocuSign website where they’re told they need to enter credentials to access the information.

Another scam purports to be an internal company email sent to employees of a large firm, with a well-crafted mail supposedly from the company’s president.


Email claiming to have information on a ‘cure’ for Covid-19. Image: Proofpoint

However, an included Microsoft Word attachment is embedded with a URL that leads to a fake Microsoft Office website that asks for the person’s credentials. Once the credentials are entered, the person is redirected to the real WHO website in an attempt to add credibility to the scam.

Another WHO-related scam claims to provide safety measures to prevent the spread of Covid-19, but when the attachment is opened it installs AgentTesla Keylogger malware that tracks and records all keystrokes. Other malware attached to these emails includes Emotet and Azorult.

‘Hackers will always prey upon fear’

Typically, the phishing scams are targeted at businesses with strong connections to international trade, as well as construction, education, energy, healthcare, manufacturing and retail. Geographically, in addition to previous targeting of Japan and the US, Proofpoint has reported attacks focused on Australia and Italy, the latter using Italian-language lures.

Speaking of these opportunistic phishing scams from the perspective of the financial sector, Will LaSala, senior director of global solutions at cybersecurity firm OneSpan, said it’s time for banks to be “on the lookout” for scams.

“Hackers will always prey upon fear to increase the impact of phishing campaigns, and risk analytics technologies are key for today’s banks to determine fraud risk in real-time for individual transactions – delivering a level of security beyond what manual processes can provide,” he said.

Colm Gorey was a senior journalist with Silicon Republic
