Researchers at cybersecurity companies Trustwave Holdings and Sophos warn of a new wave of phishing email scams that take advantage of some users' panic over the Coronavirus outbreak (COVID-19). Cybercriminals impersonate entities such as the World Health Organization (WHO) or the North American Disease Control and Prevention Center (CDC), disseminating false information and leading victims to compromise the safety of your personal data and devices.
In the phishing campaign detected by Sophos in Italy, one of the countries most affected by COVID-19 in Europe, the attackers pretend to be an Italian WHO representative, who indicates that the user must urgently read the attached document.
When opening the Word file, the victim will encounter messages asking to activate the edition and the contents present in it. By activating macros, the victim will be installing malicious software that will send your private information to a remote server.
Trustwave Holdings has encountered two different types of phishing scams. In the first, users receive an email supposedly from the CDC with a URL address where they can check how many cases of COVID-19 infection there are in the city where they live. However, the connection is not valid. By clicking on the address, the victim is redirected to a fake website that looks like Outlook and collects their access credentials.
In the second case of phishing identified by Trustwave Holdings, users receive an email indicating that they must read the attached PDF file, which contains information about the measures to be taken to prevent a possible COVID-19 infection.
Upon opening it, the victim will come across an image with a hyperlink asking you to use Microsoft PDF Reader to access the document. When clicking on the address, the victim is taken to a copy of an access page, where, as in the previous case, you are asked to enter your username and password.
The WHO has already issued a statement alerting the population to the use of its name and image in fraudulent schemes, whether by email, SMS or even by phone calls. The organization clarifies on its website that it never asks the public to enter access credentials to be able to access information or to visit an address outside its network of pages.
It is recalled that Kaspersky experts had already alerted the public to a similar situation in late January. At issue were documents online with alleged instructions on how to protect and detect COVID-19 and that masked malicious software such as Trojans and worms. Threats are capable of destroying, blocking, modifying and copying data, and interfering with the operation of computers and computer networks.
To avoid being caught by phishing strategies, cybersecurity companies and the WHO recommend that you remain calm and do not be overwhelmed by panic. If you receive a suspicious email from a public health entity, check that the sender's electronic address and the links in the body of the text are legitimate. Also, opening the attached files is not a good idea at all. If, by chance, you ended up logging on to a fake page, it is best to change all your passwords immediately.