Apparently, with nothing else better to do, cybercrooks have decided to ride the wave of fear connected to the coronavirus outbreak in hopes of fleecing some consumers.
Reports are starting to pop up that phishers are sending out malicious links and PDFs masquerading as information consumers can use to protect themselves from the virus. In Los Angeles County, public health officials put the public on notice that a letter to locals about a coronavirus in Carson City was completely bogus.
North of Los Angeles, the school system raised a red flag on false social media reports about the outbreak. School districts in San Diego and Arizona also put out a similar alert.
What to be on the outlook for
The cyber security firm Mimecast took to Twitter to report it had detected one of the phishing emails, and it read like this:
Go through the attached document on safety measures regarding the spreading of the corona virus. This little measure can save you.
Use the link below to download (followed by a link to a PDF entitled “Safety Measures”.
Symptoms Common symptoms include fever, cough, shortness of breath, and breathing difficulties.
Dr. (name redacted)
In ComputerWeekly’s coverage of the scam, security software company Kaspersky reported that its researchers had come across at least 10 different messages, some with a movie file (mp4) or a Microsoft Word file (.docx).
IBM’s X-Force uncovered another that appeared to be sent from a disability welfare service provider in Japan, simply saying that there have been reports of coronavirus patients in the Gifu prefecture in Japan. It urges the reader to view an attached document, but clicking on the link allows hackers access to their system and information.
Don’t put your trust in an email or a social media post
Swindles riding on the back of a health outbreak or a major disaster aren’t going away anytime soon.
"Unfortunately we see this often in geopolitical events and world events," Francis Gaffney, the director of threat intelligence at Mimecast, told Wired. "This is when cybercriminals seek opportunities to use the confusion that vulnerable people have. They’ll click on links because they’re not sure."
When a consumer gets an email or sees a social media post that offers a solution, help, etc., the smartest thing to do is go all the way up the food chain and contact the federal agency or topmost business related to the situation BEFORE opening any attachment, responding to any email, or putting any charge on a credit card. In short, stay vigilant.
“One fascinating aspect of phishing and online malware infections (including ransomware), is that the same concept is generally true,” Dan Lohrmann, Chief Security Officer & Chief Strategist at Security Mentor Inc. told GovernmentTechnology. If the bad actors are not successful in getting the user to click on Coronavirus-labeled content today, they will be back tomorrow with a new technique.”
In the coronavirus case, the best place to go is the Centers for Disease Control and Prevention (CDC). It has a complete rundown of everything related to the virus and can answer any questions you might have.
“So we all must prepare now and spread the word,” Lohrmann concluded.