Arraya Insights | April 20, 2020
Cyber scammers love a crisis and the current coronavirus outbreak is no exception. As employers and employees alike struggle to find their way in this new (and hopefully short-lived) reality, criminals are finding that business is booming. Fear and uncertainty are tools of their trade and both are, sadly, in ample supply. Compounding the problem is the fact that so many users are working remotely, in many cases for the first time. It’s up to security teams to ensure that, despite unnerving headlines and unfamiliar, potentially chaotic, work environments, users don’t let their guards down.
To keep users and, by extension, the organization digitally safe, it’s important to look at the tactics currently being employed by scammers. KnowBe4, a firm specializing in cyber security training and awareness, outlined one particularly cruel phishing campaign making the rounds. Researchers documented emails claiming someone the recipient knows had recently tested positive for COVID-19. The emails direct the recipient to download an attached form before heading immediately to a local medical facility to be tested themselves. The story is, of course, fictional, and the form is actually a backdoor for dangerous malware.
That’s just one of the ways in which cyber criminals are weaponizing coronavirus fears. Cons involving fraudulent applications have also been observed in the wild. ABC News detailed a malicious Android application masquerading as a means of tracking local coronavirus cases. Once downloaded, the app would request broad control over the device and, if granted, would proceed to lock everything down. Victims would then be forced to pay a ransom in order to regain control.
Attackers have even exploited authentic sources of coronavirus information. For many, the Johns Hopkins coronavirus dashboard has served as a trusted resource and a regular online stop. Pooling data from the World Health Organization and the Centers for Disease Control and Prevention, the tool offers a graphic, real-time depiction of the disease’s spread. Criminals took notice of the traffic generated by the dashboard and began incorporating it into their campaigns. Emails circulated promoting downloadable versions of the dashboard, which proved to be password-targeting malware.
For those wondering just how low criminals will go, here’s an indication. There have been cases of scammers posing as doctors in need of payments to treat a target’s sick relatives. Criminals have also attempted to pass themselves off as worthwhile charities in need of financial support to continue their lifesaving work. Other criminals have sought to take advantage of increasing economic and financial fears by posing as government officials with essential information regarding a target’s social security benefits or the cash payments promised as part of the stimulus package. Still others have disguised themselves as suppliers requesting payment for life-saving medical supplies.
Researchers have also observed coronavirus-themed malware strains that do more than lock down a user’s device. Presenting itself as ransomware, the malware is actually far more destructive, rewriting a device’s master boot record and effectively locking users out of their device. Some have been observed stealing passwords before trashing a device.
These are just a few of the ways in which cyber criminals seek to benefit from the unprecedented situation occurring all around us. The threat facing security pros and users has never been greater. However, common best practices can still go a long way toward thwarting malicious actors.
9 keys to keeping users safe from coronavirus scams
The Cybersecurity and Infrastructure Security Agency (CISA) shared some advice on how to stay digitally safe as the coronavirus outbreak unfolds. At their core, these tips may look familiar to anyone in the business of maintaining cyber security hygiene. However, they’re absolutely worth sharing with users throughout any organization as a steadying reminder during uncertain times.
- ignoring unsolicited links and attachments in emails
- seeking out trusted, vetted sources for coronavirus updates, including certain government sites and reputable news sites
- keeping personal or financial information out of email communications, particularly from unsolicited sources
- committing to charitable donations only after verifying an organization’s authenticity or sticking to more mainstream, well-known groups
Security pros can supplement that advice with some general anti-phishing, anti-malware best practices, such as:
- looking closely at the sender’s email address, keeping an eye out for signs that the person may not be who they claim, including sneaky substitutions like two n’s instead of an m or an uppercase I in place of a lowercase L
- hovering over – but not clicking – hyperlinks to see where they lead. Malicious emails may promise that a link leads to a government site. Hovering a cursor over the hyperlink could reveal a lack of a .gov address or, again, a suspicious misspelling that indicates a lack of authenticity
- considering the sender. Emails from, say, a healthcare organization are typically triggered by something like attending or scheduling an appointment and not sent out of the blue. When in doubt about a message’s authenticity, reach out to the healthcare provider, insurer, or whoever the sender claims to be by phone and ask to speak to someone for more information
- vetting unsolicited attachments. A phone call is a good way to validate a message as well as its attachments. Attackers have gotten very skilled at hiding malware in legit-looking email attachments. Before clicking on an unexpected purchase order or some other document, confirm the authenticity of it by reaching out to a manager, customer contact, or – to play it extra safe – security personnel
- playing the role of grammar police. Grammatical errors and typos happen to the best of us. Not every dangling modifier is a sign of malicious activity. However, if the body of a supposedly domestic email reads like it was run through Google Translate once or twice, it may be worth putting on a detective cap and assessing the email further before interacting with it
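The sender-address and hover checks from the list above can also be automated at the mail gateway or in triage tooling. The following is an added example, not code from Arraya, KnowBe4 or CISA: it flags a sender domain that matches a trusted one only after undoing the "nn"-for-"m" and uppercase-"I"-for-"l" swaps, and flags links whose visible text names a different host than the one the link actually opens. The allow-list, domains, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"cdc.gov", "who.int", "example-health.org"}  # constructed allow-list

def skeleton(domain):  # undo the swaps the list names: uppercase I for l, "nn" for m
    return domain.replace("I", "l").lower().replace("nn", "m")

def lookalike_of(address):
    domain = parseaddr(address)[1].rpartition("@")[2]
    if domain.lower() in TRUSTED:
        return None  # exact match: the genuine domain
    return {skeleton(t): t for t in TRUSTED}.get(skeleton(domain))

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):  # the "hover" check: text names one host, href another
    parser = LinkCollector()
    parser.feed(html)
    return [(text, host(href)) for href, text in parser.links
            if (m := re.search(r"(?:https?://)?[\w-]+(?:\.[\w-]+)+\S*", text))
            and host(m.group()) != host(href)]

def check(raw):
    msg = message_from_string(raw)
    return lookalike_of(msg["From"]), mismatched_links(msg.get_payload())

SAMPLE = """From: Health Alerts <alerts@exannple-health.org>

<p>See <a href="https://updates.example.net/form">www.cdc.gov/coronavirus</a>
and <a href="https://www.who.int/emergencies">https://www.who.int</a>.</p>"""  # constructed message
```

Calling `check(SAMPLE)` returns the trusted domain being imitated and the list of links whose text and destination disagree; a clean message returns `(None, [])`.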
Next Steps: Putting security best practices to work for you
There’s no overstating the scope of the task facing security teams. Those in need of a hand with architecting or deploying the security tools and strategies necessary to keep their workforces safe should reach out to Arraya today. Simply head over to https://www.arrayasolutions.com/contact-us/ and let us know how we can help.
What steps have you taken to ensure your teams don’t fall victim to the rising tide of coronavirus-inspired scams? We want to hear from you. Send us your thoughts and insights on social media. We can be found on: LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay up to date on our industry insights and unique IT learning opportunities.