FTC Warns of Ongoing Scams Using Coronavirus Bait

Source: Bleeping Computer / Sergiu Gatlan

February 11: The U.S. Federal Trade Commission (FTC) warns about ongoing scam campaigns that make use of the current Coronavirus global scale health crisis to bait potential targets from the United States via phishing emails, text messages, and social media.

The World Health Organization (WHO) announced on January 30, 2020, that the new 2019 novel Coronavirus (also known as 2019-nCOV and Wuhan coronavirus) outbreak is a public health emergency of international concern. […]

Coronavirus scams and malicious attacks

“Scammers are taking advantage of fears surrounding the Coronavirus,” the FTC says. “They’re setting up websites to sell bogus products, and using fake emails, texts, and social media posts as a ruse to take your money and get your personal information.

“The emails and posts may be promoting awareness and prevention tips, and fake information about cases in your neighborhood.

“They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments.”

The FTC also provides the following measures you can take to make sure that you won’t get scammed or get your computer infected with malware after falling for a scammer’s tricks:

  • Don’t click on links from sources you don’t know. It could download a virus onto your computer or device. Make sure the anti-malware and anti-virus software on your computer is up to date.
  • Watch for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying that have information about the virus. For the most up-to-date information about the Coronavirus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
  • Ignore online offers for vaccinations. If you see ads touting prevention, treatment, or cure claims for the Coronavirus, ask yourself: if there’s been a medical breakthrough, would you be hearing about it for the first time through an ad or sales pitch?
  • Do your homework when it comes to donations, whether through charities or crowdfunding sites. Don’t let anyone rush you into making a donation. If someone wants donations in cash, by gift card, or by wiring money, don’t do it.
  • Be alert to “investment opportunities.” The U.S. Securities and Exchange Commission (SEC) is warning people about online promotions, including on social media, claiming that the products or services of publicly-traded companies can prevent, detect, or cure coronavirus and that the stock of these companies will dramatically increase in value as a result.

Coronavirus-themed phishing campaigns and malware

Multiple active phishing campaigns using Coronavirus lures have already been detected in the wild by security researchers, targeting individuals from the United States and the United Kingdom while impersonating the U.S. CDC officials and virologists, and warning of new infection cases in the victims’ area and providing ‘safety measures.’

A sample phishing email spotted by KnowBe4 shows attackers trying to camouflage their spam message as an official alert distributed via the CDC Health Alert Network informing US-based targets that the “CDC has established an Incident Management System to coordinate a domestic and international public health response.”

An embedded malicious hyperlink is camouflaged as a link to the official CDC site and it is used to redirect the victims to attacker-controlled Outlook-themed phishing landing pages used for harvesting and stealing their user credentials.

Coronavirus phishing email sample
Coronavirus phishing email sample (KnowBe4)

Another phishing campaign using a Wuhan Coronavirus bait targets both US and UK targets was spotted by security firm Mimecast.

“The sole intention of these threat actors is to play on the public’s genuine fear to increase the likelihood of users clicking on an attachment or link delivered in a malicious communication, to cause infection, or for monetary gain,”  Mimecast’s director of threat intelligence Francis Gaffney explained.

These series of phishing mails ask the recipients to “go through the attached document on safety measures regarding the spreading of coronavirus.”

Coronavirus phishing email sample
Coronavirus phishing email sample (Mimecast)

The Coronavirus health crisis is also used as a lure by a malspam campaign targeting Japan with Emotet malware payloads via messages alerting of Coronavirus infection reports in several Japanese prefectures.

Just as the actors behind the phishing campaigns KnowBe4 and Mimecast spotted, the Emotet gang is also known for quickly taking advantage of trending events and nearing holidays, like a Greta Thunberg Demonstration or the 2019 Christmas and Halloween parties.

The security research team MalwareHunterTeam also shared several malware sample that include Coronavirus references including a Remote Access Trojan (RAT), a Trojan, a stealer/keylogger, and a wiper

MalwareHunterTeam 'Coronavirus' wiper

“High levels of concern around the Coronavirus are currently being used to increase the online popularity of spam campaigns designed to spread fake news and drive unsuspecting users to dubious online drug stores,” according to a report published by Imperva researchers today.

“For people searching for genuine information on Coronavirus, this is polluting their online search results with fake and meaningless results,” the researchers further explained.

“Not only does the content of this spam do nothing to help people in their quest to educate themselves on this global health risk, but bot operators are using technology to exploit the public’s need for medical information in order to gain a few more clicks to their fake pharmacies.”

Source: Bleeping Computer / Sergiu Gatlan

Previous Article
Next Article