When Phishing goes Viral

How attackers are using social media to create COVID-19 specific phishing campaigns.

The coronavirus, or COVID-19, has affected the lives of millions of people and businesses around the globe. The changes we have had to make to the way we live and work have opened up new attack vectors for attackers. Change brings innovation, but also risk. By raising awareness we can find the right balance of safety and usability. In this blog, I’ll address some of the most common security threats facing people during lockdown.

Following the overwhelming amount of news coverage surrounding the uncertainty about the virus and constant changes in public guidance and business services, we have seen a new wave of phishing attacks.

This is taking the form of emails and texts, claiming to be from legitimate organisations, with promises of information and news about the virus, fake discounts and offers, and even government grants. Fake tax rebates, for example, have stepped up in frequency, as have fake vouchers apparently from major supermarkets. In such cases, emails may ask you to open an attachment or follow a link to see the latest statistics, download a voucher, or log in to an imposter website.

If you click on the attachment or link, you are likely to download malicious software (malware, for short) to your device. The malware could allow a malicious actor to take control of your computer, log your keystrokes, or access your personal information and financial data, which could ultimately lead to identity theft or credit card fraud.

Social media accounts can also pose a risk, as the information you share can be used to inform such attacks. If you share things like the name of your child’s school, it would be fairly easy for an attacker to find out the name of the head teacher. Similarly, sharing the social clubs and groups you attend or the doctors you are registered with could be used in an attack. Now, more than ever, the advice from professionals is to be careful about the information you share publicly and not to accept friend requests from people you don’t know.

An example of a typical scam: 

  • A parent receives an email, purporting to be from a school teacher, with a link to download an app for the student.
  • The email provides what seem to be links to Google Play and the App Store, with what appear to be official Google and Apple logos.
  • When the user clicks these icons, they are immediately prompted to download the app, rather than being sent to the application stores.
  • Once the app is downloaded and the device owner has given it the appropriate permissions, the device is fully compromised.

How do I spot a phishing email?

Coronavirus-themed phishing emails can take different forms. So far we have had reports of cyber-criminals sending phishing emails designed to look like they are from the NHS, the government, a school or your company. The email might falsely claim to link to health information or an updated policy.

The example above shows what a fake health-advice email looks like. Phishers have sent emails that offer purported medical advice to help protect you against the coronavirus. The emails might claim to be from medical experts in your area.

Cyber criminals also appear to be targeting workplace email accounts. One phishing email begins, “All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software. An example of one of these e-mails can be seen below:

How do I avoid scammers and fake ads?

Scammers have posted ads that claim to offer treatment or cures for the coronavirus, or special discounts and vouchers. The ads often try to create a sense of urgency, for instance, “Buy now, limited supply.” These pose a number of risks.

You might click on an ad and download malware onto your device.

You might buy the product and receive something useless, or nothing at all. Meanwhile, you may have shared personal information such as your name, address, and credit card number. It is smart to avoid any ads seeking to capitalise on the coronavirus.

What should I do if I think I have received a phishing email or text?

Here are some ways to recognise and avoid coronavirus-themed phishing emails:

  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your National Insurance (NI) number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
  • Check the email address or link. You can inspect a link by hovering your mouse pointer over it to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind that phishers can create links that closely resemble legitimate addresses. Report the email and delete it.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Report it and delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information, right now. Instead, report the message and delete it.
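The checks in the list above can be automated as a simple triage filter. The following is an added example (not from the original post) that scores a constructed sample email against those indicators: a generic greeting, urgency language, a request for an NI number or login details, and links whose visible text or destination does not match where they claim to go. Domain names and the sample email are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear sir or madam", "dear customer", "dear user")
URGENCY_WORDS = ("act now", "immediately", "within 24 hours", "limited supply")
SENSITIVE_REQUESTS = ("national insurance", "ni number", "password", "login details")


class LinkExtractor(HTMLParser):
    """Collect [href, visible text] pairs for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self.links.append([self._href, ""])
    def handle_data(self, data):
        if self._href is not None:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def registrable(host):
    """Crude 'last two labels' approximation of the registrable domain."""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(sender, subject, html_body):
    """Return the sorted list of indicator names triggered by one email."""
    text = re.sub(r"<[^>]+>", " ", html_body).lower()   # strip tags, keep words
    hits = []
    if any(g in text for g in GENERIC_GREETINGS):
        hits.append("generic_greeting")
    if any(w in text or w in subject.lower() for w in URGENCY_WORDS):
        hits.append("urgency")
    if any(s in text for s in SENSITIVE_REQUESTS):
        hits.append("requests_sensitive_data")
    parser = LinkExtractor()
    parser.feed(html_body)
    sender_dom = registrable(sender.split("@")[-1])
    for href, visible in parser.links:
        host = urlparse(href).hostname or ""
        shown = re.search(r"https?://([^/\s]+)", visible)   # visible text that looks like a URL
        if shown and registrable(shown.group(1)) != registrable(host):
            hits.append("link_text_mismatch")          # text says one site, href goes to another
        if host and registrable(host) != sender_dom:
            hits.append("link_domain_differs_from_sender")
    return sorted(set(hits))
```

A message that triggers several indicators at once is a strong candidate for reporting rather than clicking; a single weak hit (for example, a newsletter linking to a partner domain) is not proof of phishing.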

While COVID-19 itself presents a significant global security risk to individuals and organisations across the world, cybercriminal activity around this global pandemic can result in financial damage. It can also promote dangerous guidance, ultimately putting additional strain on efforts to contain the virus. These scams aim to exploit people’s fear and uncertainty concerning the spread of the disease. It is impossible to predict its long-term impact, but it is possible to take steps to help protect yourself against coronavirus-related scams.