Beware of cyber criminals exploiting COVID-19 pandemic


Johannesburg, 06 May 2020

We find ourselves in a perilous time, but unfortunately, the coronavirus isn’t the only threat to be wary of. It should come as no surprise that cyber criminals around the world would leap at the opportunity to exploit the COVID-19 pandemic. These circumstances have created a host of vulnerabilities for users – and the villains of the Web have been updating their playbooks to exploit them.

Remote workers lack enterprise-level security measures

The ability to have staff work from home is a lifesaver, but it does pose new risks in terms of security. Few people have security on their home devices that’s equivalent to the enterprise firewall of their office environment. This elevated risk for remote employees means the onus is on them to be especially vigilant.

Cyber criminals know this, and they also know that people everywhere are hungry for information about the pandemic and are anxiously reading about new developments. This is why they’re using seemingly helpful e-mails to spread malicious files. Efforts to exploit this situation have evolved in recent weeks, but they’re still using a familiar set of tricks that are simply rehashed with a COVID-19 theme.

How COVID-19-related phishing evolved

The first wave appeared when the outbreak started to become a global issue, with straightforward spoofing of official sources of information such as the World Health Organisation, government bodies and even the HR departments of targeted organisations.

The second wave was a wide array of new and inventive scams being put into practice as offenders experimented with different angles. This was soon eclipsed by a third wave of familiar old phishing mail formats that were reskinned and disseminated on a massive scale.

Common COVID-19 phishing angles

Ever-adaptive cyber criminals were quick to start looking for ways to prey on fear and uncertainty as the pandemic began to dominate our lives. KnowBe4, a US security awareness training platform, identified three distinct waves of phishing and social engineering activity.

While some fraudsters take the approach of using sensationalist news and conspiracies to lure users into opening an attachment or link, the more insidious angles of the third wave tend to imitate everyday corporate communications conceived specifically with remote employees in mind.

The imitation of file-sharing platforms like Dropbox, OneDrive and SharePoint is a prime example, with fake notification e-mails that contain links to spoofed login pages. Others seek to replicate secure document delivery services, invoices, purchase orders or delivery service tracking updates.

False internal corporate communications range from mundane IT or HR department policy updates related to the pandemic to dramatic announcements of infections in the organisation. CEO fraud or “whaling” need only mention current circumstances for an air of legitimacy to convince employees to take actions that compromise the company.

How to spot a threat

There are ways to recognise a suspicious e-mail and you and your teams can protect yourselves by looking for the following clues:

  • Unsolicited e-mails using COVID-19 or coronavirus tags in the subject line such as “Coronavirus latest updates”.
  • Unknown external links. Malware is being embedded in fake news sites that claim to provide information about the pandemic. An obvious sign that the link might be malicious is if it contains numbers in it, for example, discovery411.com.
  • Reputable companies, particularly large companies, will not make use of public e-mail services like Gmail or Yahoo. So always check the e-mail address, for example, tomjones.discovery@gmail.com.
  • Subject lines containing offers such as “We can offer you free COVID-19 testing.”
  • Poor grammar and spelling.
  • A request for sensitive information like banking details and personal data. Reputable companies never make these requests via e-mail.

More specifically, researchers at Trend Micro have warned the public to be on the lookout for these known file names for malicious attachments:

  • CORONA VIRUS AFFECTED CREW AND VESSEL.xlsm
  • CoronaVirusSafetyMeasures_pdf.exe
  • LIST OF CORONA VIRUS VICTIM.exe
  • POEA HEALTH ADVISORY re-2020 Novel Corona Virus.pdf.exe

The “exe” at the end of an attachment name means “executable”: the file is a program that runs when you click on it, and in these cases a malicious one. Users often only see the “pdf” in the name and assume it’s safe.
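For mail administrators, the same check can be automated at the gateway. The sketch below is an added example, not code from Trend Micro or SYNAQ: it classifies attachment names by their real final extension and flags a document-looking decoy in front of it. The extension sets, function names and the sample message are assumptions made for illustration, and the macro-enabled category (for files such as .xlsm) is this example's own addition.

```python
import re
from email.message import EmailMessage

# Assumed policy sets for this example; adjust to your own mail policy.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}
MACRO_ENABLED = {".xlsm", ".docm", ".pptm"}
# A document-like token just before the real extension (".pdf", "_pdf", " pdf").
DECOY = re.compile(r"[._\- ](pdf|docx?|xlsx?|jpe?g|png|txt)$")

def classify_attachment(filename):
    """Return 'disguised-executable', 'executable', 'macro-enabled' or 'ok'."""
    # Windows ignores trailing dots and spaces, so drop them before checking.
    name = filename.strip().rstrip(". ").lower()
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return "ok"
    ext = "." + ext
    if ext in EXECUTABLE:
        return "disguised-executable" if DECOY.search(stem) else "executable"
    if ext in MACRO_ENABLED:
        return "macro-enabled"
    return "ok"

def scan_message(msg):
    """Map each risky attachment name in an EmailMessage to its verdict."""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify_attachment(name)
        if verdict != "ok":
            findings[name] = verdict
    return findings

# File names quoted in the article, plus one constructed benign name.
SAMPLE_NAMES = [
    "CORONA VIRUS AFFECTED CREW AND VESSEL.xlsm",
    "CoronaVirusSafetyMeasures_pdf.exe",
    "LIST OF CORONA VIRUS VICTIM.exe",
    "POEA HEALTH ADVISORY re-2020 Novel Corona Virus.pdf.exe",
    "meeting agenda.pdf",
]

def build_sample():
    """Build a constructed message carrying placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Coronavirus latest updates"
    msg["From"], msg["To"] = "sender@example.com", "staff@example.com"
    msg.set_content("Constructed sample body.")
    for name in SAMPLE_NAMES:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

A name-based check only catches the disguise described above; it says nothing about the file's contents, so it complements rather than replaces attachment scanning.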

Take note that company logos and names can be faked, so don’t consider them as a mark of trust.

What to do:

  1. Tell your employees to be on the lookout for scams or suspicious e-mails using the above-mentioned information as a guideline.
  2. Encourage your team to only use trusted sites for coronavirus-related updates; www.sacoronavirus.co.za is the single source of information in South Africa.
  3. Trend Micro has outlined several threats you should take note of and keep updated with as they escalate. These include shipping postponements, DStv issues and requests for medical information.

If you are concerned, require guidance or want to be better protected, we encourage you to contact our team through your sales representative via sales@synaq.com, and we will be happy to assist. 
