Since the World Health Organisation (WHO) declared the Coronavirus as an international emergency at the end of January, cybercriminals have predictably encorporated it into their last scams.
They have been sending out emails proporting to be from the Center for Disease Control and Prevention and the (fictional) Wuhan Medical authorities. These emails contain a link that will show an updated list of the new infection cases in your area or is a PDF that gives details on how to protect yourself from the virus.
Once the linked has been clicked or the PDF downloaded, a series of commands are launched that will covertly download the Emotet malware onto the victim’s computer. Once installed, the malware will allow hackers to steal sensitive information or delivery more dangerous payloads such as ransomware.
This Emotet malware is certainly not new and has been used before to take advantage of events and holidays. According to Bleeping Computer, there have been invites to a Greta Thunberg demonstration, Halloween party invites and Christmas party invites.
How to stay safe from phishing scams
- Never click on an email link or attachment from someone you don't know or are not expecting a link/attachment from.
- Always inspect a link by hovering your mouse over it. The tooltip will show you the true destination of the link.
- Never enter your account credentials when you are redirected to a page.
- It is very easy to spoof an email address, so even if it looks like it’s come from a legitimate domain, it may not be what it seems.
- Keep your software up to date and apply patches as soon as they are released.
- Make sure you have a decent antivirus/malware installed.
Remember, not all phishing emails are easy to spot. It's true that many are full of bad grammar and laughable pretentions. However, cybercriminals are ever increasing their sophistication and organisation.
In 2016, Gemma joined Optima’s network team. Her main priority is to provide support to our clients and internal staff. Gemma also takes care of the day to day running of the networking team, making sure all issues are solved within SLA’s and clients are happy with the support we provide. More about Gemma.
- How to spot phishing emails and other online scams
- How to use virtualisation for disaster recovery
- Which VPN software should you choose?
- How to safely browse the internet
- Check if any of your online ‘identities’ have been compromised with Hack Notice
- New scam attempts to blackmail people for ‘viewing adult content’