Emails masquerading as government announcements
Threat actors are sending phishing and BEC emails disguised as government announcements. Fraudulent emails have included logos and other imagery associated with the Centers for Disease Control (CDC) and the World Health Organization (WHO). Emails include links to items of interest, such as "updated cases of the coronavirus near you." Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.
Operational and industry disruption
The spread of COVID-19 is disrupting temporary supplies and revenue in some industries. Cybercriminals hope victims will mistake their malicious emails for legitimate ones. For example, emails with subject lines like “Coronavirus – Brief note for the shipping industry,” have been sent to employees of companies in industries being disrupted by the virus. Some campaigns have even been disguised to look like invoices, shipping receipts and job applications. BEC campaigns are targeting manufacturing, finance, pharmaceuticals, healthcare and transportation companies. False emails typically include attachments that contain malware designed to harvest sensitive data, or harmful ransomware that could disrupt access to, or availability of, information systems.
We have seen a rise in malicious emails directing recipients to educational and health-related websites riddled with malware. One email, masquerading as a notice from a virologist, read: “Go through the attached document on safety measures regarding the spreading of coronavirus. This little measure can save you.” Recently, coronavirus maps have enticed users to click on maps loaded from legitimate sources that run malware in the background.
False advice and cures
Emails purporting to hail from regional medical providers, sent to people in Japan in January and February, were among the first coronavirus-related phishing attacks. Some phishing emails invite recipients to download attachments containing “secret cures” for the virus. The attachments instead contain malware designed to steal the personal and financial information of the victim. Some emails include conspiratorial and false claims that COVID-19 was manufactured to reduce the world population.
Another phishing campaign involves emails designed to mimic the CDC, soliciting donations to fight the spread of the virus. The emails appeal to recipients’ altruism, urging victims to donate into a Bitcoin wallet or to make other types of payments. The CDC, a federal agency under the Department of Health and Human Services, is taxpayer-funded and would not solicit donations. Other malicious actors may create fraudulent charities. One should never donate to charities via links in emails; instead, give at the charity’s website. Follow fundraising platforms’ guidance on how to recognize and report fraudulent charities.
Fraud that go beyond business email compromise
Your cybersecurity team should coordinate fraud detection and response with your organization’s fraud management teams. During crises and economic downturns, many other types of frauds increase, and they can be harder to detect and may require adjustment to controls to mitigate the risk. For example, customer account security controls, such as risk scoring models, will need to be recalibrated to discern fraudulent transactions from legitimate transactions. Fraudsters may target different products than they did prior to the crisis, as customers may change behaviors and preferences amid the crisis and the economic downturn.