Scammers Try to Capitalize on Coronavirus Fears

It did not take long. A new malicious phishing campaign based on the fear of the coronavirus has made its ugly appearance, and cybersecurity experts warn “it’s the first of many.”

Now, with fears heightened and employees asked to work remotely, scammers are in full attack mode.

In a blog post, “Exploiting the Coronavirus: The Spammers, the Scammers, and the Bad Guys,” the Tampa Bay, Fla.-based KnowBe4′s researchers revealed an analysis of the new coronavirus-related phishing emails reported by consumers. Using the KnowBe4 Phish Alert Button, reported scam emails ranged from ordinary spam attempting to leverage the crisis for quick financial gain to dangerous emails designed to exploit fear and ignorance to compromise victims’ online accounts and install malware.

“Yup, you can count on it, when there is a worldwide health scare, the bad guys are on it like flies on $#!+,” Stu Sjouwerman, CEO of KnowBe4, said. He shared a screen shot of a phishing email and warned there will be many other social engineering attacks using this same scare.

“There is a lot of preying upon people’s fears right now.” Diana Volere, cybersecurity evangelist from the El Segundo, Calif.-based Saviynt, said. “People are opening emails they wouldn’t normally open because it’ll say something like ‘latest guidelines from the World Health Organization.’” She recommended, rather than opening unsolicited emails because they are nervous about it, they should go directly to the World Health Organization and CDC websites. “Don’t think they’re going to be proactively sending you emails. Being informed proactively as opposed to watching your inbox is really the best thing people can do right now.”

Piyush Pandey, CEO of the Dallas-based Appsian, pointed out organizations asking employees to work remotely, a direct result of the coronavirus, could lead to complications. Organizations must make many business applications, usually only accessible on a corporate network, available remotely. “This means that if someone falls for a phishing scam then the hacker now has access to the business applications; where previously, the hacker would not have been granted access because they would be outside the network. In essence, the attack surface for core business applications has now become significantly bigger, putting the organization at greater risk.”

Colin Bastable, CEO of the Austin-based Lucy Security, said, “Hackers never let a good crisis go to waste, and this is a biggie.” He added people working from home get easily distracted, especially if they are normally used to working in the office, and they will mix work with personal email and web browsing.” Clicking on malware links increases risks they can introduce to their employers and colleagues. “Now is a great time to warn people to be ultra-cautious, hover over links and take your time.”

Bastable pointed out email delivers over 90% of attacks, and, according to the latest FBI report, nearly half of all cybercrime losses resulted from business email compromise attacks, with an estimated price tag of $1.77 billion. “We should expect a spike in losses.”

In general, attackers look for a vulnerability to deliver their attack, Chris Rothe, chief product officer and co-founder of the Denver-based Red Canary, said. “In this case, people’s fear over the virus is the vulnerability attackers will look to capitalize on. If an individual is concerned or stressed about the virus, they are less likely to remember their security training and will be more likely to, for example, click a link in a phishing email or give their credentials to a malicious website.”

Scott Gordon, CISSP and chief marketing officer for the San Jose, Calif.-based Pulse Secure, said, “A public health crisis, such as the coronavirus, doesn’t have to impact productivity for your workers and should not increase threats for your organization.” Gordon added planning for natural and manufactured disruptions, or even network downtime, requires a solution with enough capacity in place to allow employees to securely collaborate and access the applications, data and services needed to continue to do business.

“We encourage businesses to continue routinely updating employees on the latest health, travel and security precautions relating to COVID-19,” Orion Cassetto, director, product marketing for the Foster City, Calif.-based Exabeam, stated. “Recently, the number of phishing emails purporting to be from companies’ trusted business partners and public organizations is increasing. Therefore, enterprises should consider incorporating advice on identifying these scams into these updates.”

In February, two phishing-related incidents prior to the coronavirus eruption rocked the credit union community. A “cyber incident” caused by ransomware knocked CUNA’s system offline for more than two days. Ransomware attacks often begin with phishing emails. Also, Alaska Attorney General Kevin G. Clarkson warned of a phishing scam affecting Alaskans, with scammers pretending to be from the $8.3 billion, Anchorage-based Alaska USA Federal Credit Union.