Thursday, 16 April 2020

Coronavirus: Online Threats Going Viral - Part 4: Phishing

In part four of this series of posts looking at emerging Internet content relating to coronavirus, we explore phishing.

In times of crisis, cybercriminals invariably take advantage of the growing concerns of the public. In the case of the coronavirus, they have done so by sending phishing e-mails that play on the fears surrounding the spread of the illness.

A number of reports have emerged of e-mails purporting to provide advice or assistance relating to COVID-19, but which are actually 'hooks' to spread malicious content, or to drive people to websites intended to harvest personal details. Many of the phishing e-mails use the names of trusted organisations such as the World Health Organization (WHO) or the U.S. Centers for Disease Control and Prevention (CDC) to add credibility to their content. A report published on March 20, 2020 stated that victims of online scams had lost £960,000 in coronavirus-linked cases since the start of February[1].

Some e-mails encourage the user to open an attachment that may contain malware. Identified cases include examples where attackers run code on a user's computer or track their movements, steal information through keylogging, or lock files on the user's device and demand a ransom for their reinstatement. Other instances have been reported of malicious files being distributed through copies of healthcare company or government agency websites[2,3].


Figure 1: Examples of identified coronavirus-related scam e-mails: (i) mail containing potentially-malicious attachments; (ii) mail offering the sale of a 'vaccine' but actually likely to be associated with an advance-fee fraud

Some types of phishing e-mails drive users to lookalike websites intended to harvest log-in details; others directly solicit for payments. One particular case asked for Bitcoin donations, allegedly to aid the CDC in the search for a vaccine[4].

References to coronavirus have also been used in more familiar types of phishing campaign, such as those targeting financial-services brands. In one example, we identified phishing sites targeting numerous different banks, all hosted on a mortgage-related domain name in a sub-directory named 'COVID-19'. Additionally, a banking client was subjected to a phishing attack using a site hosted on the domain name [brand]covid-19.com.

Fraudulent coronavirus communications may purport to provide benefits. One reported SMS-based scam offered free iPhones to encourage recipients to click a link to a fake site. Other reported scams include e-mails offering payday loans, tax rebates, insurance schemes or trading advice in response to the crisis, or offering products billed as coronavirus cures[5,6].

Figure 2: Example of a fake government website hosted on a coronavirus-specific domain name, associated with a phishing scam using an SMS message offering a tax refund

As the crisis has progressed, there has been a rise in phishing activity over social media, typically involving fake accounts. Given the speed with which content can spread across social media - particularly in the current climate of fear - such scams have the potential to reach large numbers of people in a short time[2].

How to keep your customers safe

It is important to keep your customers, as well as your own employees, safe by making them aware of how to spot a phishing e-mail. Tips for spotting phishing e-mails are generally the same as for most fraudulent campaigns. It may be a good idea to educate your customers as to what to expect from your company, and what a phishing scam may look like. Here are our tips for spotting a phishing e-mail:
  1. Pay attention to the originating e-mail address and the host domain of any embedded links; fraudsters may attempt to pass off their messages as being from a legitimate organisation (say, company.com) by using variants of the official domain name, such as company.org, or company-safety.com, in order to construct a convincing sender address. Even if an e-mail appears to use the official domain name, it is possible this information may have been spoofed.

  2. Hover over links without clicking them. Many fraudulent e-mails may show the legitimate domain in the visible link text while actually directing elsewhere. Bear in mind that even an e-mail linking to an official site may incorporate a malicious attachment.

  3. Look out for anomalies in the e-mail text. A phishing e-mail could have:
    • A generic rather than personalised greeting
    • Spelling or grammatical mistakes
    • Messaging that conveys a sense of urgency or has a deadline by when to act
    • Other requests for personal information[7]
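As an added illustration of tips 1 and 2, the following Python checks a raw e-mail for a lookalike sender domain and for links whose visible text shows the official domain while the href points somewhere else. This is example code written for this post, not part of the original article or of CSC's service; the official domain set, the sample message and every host name in it are constructed.

```python
import email, re
from email import policy
from urllib.parse import urlparse

# Domains the organisation really sends from and links to (constructed for this example).
OFFICIAL_DOMAINS = {"company.com"}
# Anchor extraction; a regex suffices for this constructed mail (use html.parser on real messages).
ANCHOR = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def norm(host):
    """Lower-case a hostname and drop a leading 'www.' so shown and target hosts compare cleanly."""
    return (host or "").lower().rstrip(".").removeprefix("www.")

def is_lookalike(host):
    """Not official, but the second-level label reuses the brand label (company.org, company-safety.com)."""
    host = norm(host)
    if not host or host in OFFICIAL_DOMAINS:
        return False
    parts = host.split(".")  # plain label split, not public-suffix aware (assumption)
    label = parts[-2] if len(parts) > 1 else parts[0]
    return any(d.split(".")[0] in label for d in OFFICIAL_DOMAINS)

def host_in_text(text):
    """Hostname a reader sees in the link text, when that text looks like a URL or bare domain."""
    m = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/?#\s]|$)", text.strip(), re.I)
    return norm(m.group(1)) if m else ""

def analyse(raw):
    """Apply tips 1 and 2 to one raw message; returns a list of (finding, detail) tuples."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = norm(msg["From"].addresses[0].domain) if msg["From"] else ""
    findings = [("lookalike sender domain", sender)] if is_lookalike(sender) else []
    body = msg.get_body(preferencelist=("html",))
    for href, text in ANCHOR.findall(body.get_content() if body is not None else ""):
        target, shown = norm(urlparse(href).hostname), host_in_text(text)
        if shown in OFFICIAL_DOMAINS and target != shown:
            findings.append(("link text hides a different host", f"{shown} -> {target}"))
        elif is_lookalike(target):
            findings.append(("lookalike link host", target))
    return findings

SAMPLE = """\
From: Customer Support <alerts@company-safety.com>
Subject: COVID-19: urgent account verification
Content-Type: text/html; charset=utf-8

<a href="http://login.covid19-portal.example/verify">https://company.com/account</a>
<a href="https://company.com/help">Help centre</a>
<a href="http://company.org/update">Update details</a>
"""
```

Running `analyse(SAMPLE)` flags the sender domain, the first link (official domain shown, different host targeted) and the third link (company.org), while the genuine help-centre link passes.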

How CSC can help brand owners

CSC’s Anti-Phishing service can aid brand owners in detecting fraudulent e-mails and associated websites that may incorporate their branding illegally to add credibility. Our technology makes use of a combination of honeypot e-mail accounts and other mail sources (e.g. customer abuse mailboxes, and feeds from anti-fraud and security providers) to attract as large a cross-section of general spam traffic as possible in order to detect phishing e-mails. E-mails are analysed, and embedded links crawled, to identify potentially fraudulent sites. We then use customer-specific rules to look for brand references and other associated keywords, in addition to comparing the fingerprint of the site against other known cases of fake content. When fraudulent content is detected - generally considered a contravention of terms and conditions by a number of internet service providers - we have a number of enforcement options to ensure the swift removal of the website.

References

[1] https://www.bbc.co.uk/news/uk-51964507
[2] https://www.mayerbrown.com/en/perspectives-events/publications/2020/03/dont-panic-stay-calm-legal-strategies-for-addressing-coronavirus-phishing-scams-in-hong-kong
[3] https://www.worldtrademarkreview.com/anti-counterfeiting/covid-19-phishing-warning-uspto-responds-wipo-election-microsoft-sued-news
[4] https://www.recordedfuture.com/coronavirus-panic-exploit/
[5] https://www.forbes.com/sites/mattperez/2020/03/16/coronavirus-scams-watch-out-for-these-efforts-to-exploit-the-pandemic/#443d4eaa6103
[6] https://news.sky.com/story/coronavirus-criminals-exploiting-covid-19-pandemic-with-email-scams-11959433
[7] https://us.norton.com/internetsecurity-online-scams-coronavirus-phishing-scams.html

This article was first published on 16 April 2020 at:
https://www.cscdigitalbrand.services/blog/coronavirus-online-threats-part-4/

Also published at:
http://www.circleid.com/posts/20200423-coronavirus-online-threats-going-viral-part-4-phishing/
