Cyber criminals are exploiting anxiety surrounding Coronavirus in order to launch email phishing campaigns designed to infect computers with malware that steals victims’ banking credentials. The same malware will also rope infected computers into global botnet.

To date, the Coronavirus phishing mails have been detected in Japan. The emails urge users to open an attached document which it claims contains information about the spread of the virus. The emails have a degree of credibility because they also contain information about how to safeguard against infection.

The hacking group behind the emails is well-known and has a reputation for well-planned and sophisticated attacks. As such if significant numbers of people in other countries are infected by the Coronavirus these phishing emails are also expected to be launched beyond Japan into other relevant geographies.

Furthermore, the registering of Coronavirus-themed URLs and websites has also been detected. These websites are designed to play on the fears of infection and will try and lure users, for instance, into buying ‘Coronavirus masks’ and so on. While none of these websites are yet active, many are in place and will be activated if and when the Coronavirus spreads further.
 
  • This type of activity serves as a reminder to exercise caution regarding emails and websites related to current events.
  • Be extremely wary of emails and websites that try and propel you into taking urgent action, especially those related to the Coronavirus.
  • Exercise caution and only visit verified and trusted websites.

Greta Thunberg travels the world

A phishing email campaign that plays on the high profile of teenage climate activist Greta Thunberg has also been picked up in 12 countries.
 
  • The emails offer free Greta Thunberg branded items such as pens, t-shirts, mugs and posters, ostensibly as a way of raising the issue of climate change.
  • Recipients are urged to open an attached document which its claims contains the location, and date and time, that people need to attend in order to claim the free goods.

If the attachment is opened the same banking malware used in the Coronavirus phishing campaign is downloaded.

The Greta Thunberg phishing expedition to date has been detected in Australia, Austria, Barbados, Germany, Hong Kong, Japan, Malaysia, Singapore, Spain, Switzerland, United Arab Emirates and the US, and could well be heading your way.

Exploiting confusion and current affairs

It’s a common trick for cyber criminals to exploit global events to carry out cyber-attacks and email phishing campaigns.

This opportunistic approach is particularly typical of phishing campaigns so it always pays to be on guard when receiving unexpected emails and especially so if they relate to not only current events but also calendar days such as Valentine’s Day and Easter.