As we fight the spread of Coronavirus, the number of cyber attacks has been on the rise in recent weeks. And for good reason, cybercriminals are taking advantage of the fear associated with COVID-19 to disseminate false information and encourage users to click on malicious attachments or links.
Phishing and social engineering campaigns
Over 16,000 domain names linked to Coronavirus have been created since the beginning of the year, 3% of which contain malicious content. The latter could be used for phishing, a technique that consists of extorting personal information, or for spreading malware.
A few weeks ago, federal authorities tracked down and neutralized phishing sites that were trying to trap Canadians by imitating government platforms in the context of the current pandemic.
Other phishing emails pretended to be coming from the World Health Organization (WHO). The message was addressed to Italians and hackers pretended that “due to the large number of Coronavirus infections in the region”, WHO was making available to the public a document indicating measures to be taken to guard against the virus. Of course, the message, although signed by a doctor on behalf of WHO, did not originate from the health organization and its attachment contained a malware.
Cybercriminals are also playing with people’s emotions. They use social engineering techniques to create fake crowdfunding pages on behalf of people infected with the virus. Others will create fake e-commerce sites to sell you products such as:
- fake hydro-alcoholic gels;
- masks you will never receive;
- COVID-19 screening tests only available in hospitals.
Emails or malicious sites can also be used for spreading computer viruses.
Other emails claim to offer legitimate information about COVID-19. The recipient is invited to click on an attachment for more information. Those who fall into the trap then allow hackers to gain access to their data. The phishing campaign masquerading as WHO is a perfect example.
Trojans like Emotet, for example, can also render a user’s data inaccessible thanks to ransomware that will encrypt the data and demand a ransom to unlock it.
Others like Trickbot can steal data from browsers and applications, such as your login credentials but also your autofill data.
Finally, other sites replicated the Johns-Hopkins University of Baltimore’s map about the spread of coronavirus around the world. Unfortunately, a password-stealing code was hidden in the replicated map.
Fraud to the President and the fake supplier
There is a good chance that these fraud types will increase over the coming weeks and months.
A president’s fraud attempts to influence an employee of a company in issuing a significant emergency fund transfer to a third-party by order from Top Management.
Whereas a fraud by the fake supplier consists, for example, of sending an e-mail to an employee in the organization’s accounting or treasury department pretending to be a supplier and asking him to make the payments to another bank account belonging to the scammers.
The current period is favorable to these types of fraud. The hasty departure or release of several employees leads to a disorganization of the financial or accounting services with the consequence that verifications become either more complex or overlooked.
How to protect oneself?
In this period of health crisis in the face of COVID-19, combined with an unprecedented economic crisis, your organization must at all costs avoid the catastrophic effect that a cyberattack or cyberfraud can generate.
Therefore, it is critical that all your employees be made aware of potential hacking exploits:
- Treat unsolicited messages or calls with caution, especially when they request personal and/or confidential information;
- Do not open emails from suspicious senders or with dubious subjects. Delete them immediately;
- Do not download documents from unknown senders;
- Ensure that the accessed web site is legitimate, especially when ordering online;
- Check the fundraising events asking you to support hospitals, patients or research;
- Beware of fake-news and avoid transferring or sharing;
- Ensure that telework is performed using the proper security features such as a VPN.
We suggest that you refer to the Canadian Anti-Fraud Center which lists all the schemes and means used by fraudsters and cybercriminals to reach you.
Despite the previous recommendations, should your company fall victim of a cyberattack, please contact our specialized incident response team. We will deliver a team of cyber experts as soon as possible to remedy the situation and help you get back on your feet.
You may also wish to be ready for such potential events and call our cyberattack response service. Our annual ReaKtion subscription service enables you to be better prepared when facing a cybersecurity incident thus saving time and reducing the impact on your business. Contact us for more information!
Finally, please stay safely at home!