When it comes to social engineering tactics, email scammers will use any means necessary to trick you into giving up your credentials or launching malware on your computer. Most recently, their efforts have been spent capitalizing on the widespread concern and confusion surrounding the coronavirus outbreak. Security researchers have already identified several different types of phishing scams specific to coronavirus, and it is likely there will be variations of these emails as the crisis continues.
While these scams might seem daunting to identify due to heightened awareness surrounding the situation, remember that the core of all phishing attempts is always the same, so you can follow the same methods to avoid these scams. You should be cautious when reviewing emails, avoid clicking on anything and navigate to reputable news sources for information regarding new developments with the situation. Phishing emails cannot harm you unless you interact with these messages in some way, such as replying, clicking a link or entering your information into a web form.
Donation scams have always been a popular tactic, as these scams use social engineering to play on the natural compassion humans have for each other. In the screenshot below, you can see how the email scammer is using charity donations to trick you into contacting them with your financial information. Never email someone directly with financial information regardless of the circumstances, and if you are interested in donating to the research efforts to fight coronavirus, seek out reputable and secure ways to do so.
Many coronavirus phishing campaigns claim to come from the World Health Organization and include a Word document attachment that supposedly contains health tips to counteract the virus. A potential variant of this type of scam is the false claim that a vaccination is available, and you need to click on a link for more information. If opened, the document will prompt you to enable macros in order to view the contents, claiming it was created on an “outdated” version of Word. Unfortunately, enabling macros allows malicious code to be run – one such example is a banking trojan called “Trickbot.” The original intention of this piece of malware is to steal confidential information from your computer, but it can also be used to install other stages of malware. For example, your machine could lie dormant as a part of a botnet, ready to be used by an attacker for malicious activity.
Another common example is a coronavirus map scam. These messages claim to provide access to a map tracking the location of cases throughout the country. Attackers will even go so far as to design fake maps that look like this kind of tracker while generating a malicious binary file to be installed on your device.
It is also important to know that coronavirus-related spear-phishing campaigns have been documented. These messages are much more targeted and may appear to be genuine, such as messages claiming to be from your child’s district stating that there is an outbreak in the school. Clicking on the link may prompt you to enter your child’s social security number, date of birth or even financial information. It is possible these are part of a multistage attack to download malware and steal money or other personal information.
These are just a few examples of coronavirus-related phishing attempts, but it is possible you may encounter many others. Here are a few additional tips to help you avoid these scams:
- Always check the sender email address to see if it’s really coming from a reputable organization such as the World Health Organization or your child’s school.
- Hover over links to see where they are going – do they go to a site associated with the sender, such as something on the WHO website or to the school website?
- Is the email asking you for personally identifiable information, such as banking information or your social security number? This is information you should never send via email or randomly enter into a web form, regardless of context.
- Did you open an attachment that is asking you to enable macros to view it? You should never have to click on anything in a document to view its contents.
- Cross-reference information in the email with a reputable news source. If it is referring to something that has not been reported regarding the crisis, it’s most likely a scam.
As always, please send any suspicious emails to cybersecurity@fnal.gov and we will be happy to assist you further. We hope you stay safe and well during this time!
Jessie Pudelek is a computer security analyst at Fermilab.