Malicious Parties Phishing With The “Corona Cure”

https://coronavirus.jhu.edu/map.html

As the pandemic continues, we are all looking for the latest information or data in order to keep ourselves and our families safe. You have most likely seen an increase in emails from all the companies you associate with, giving you an update on what they are doing during this crisis.

For most, finding out what the company you purchased those shoes from is doing during this crisis will be of minimal concern. We are all focused on keeping our families safe, healthy, fed and with a roof over their heads. Some of you will be the heroes who are working night and day to keep us safe and healthy (heroes!!).

This doesn’t mean everyone though...

Malicious parties know that all this stress can cause lapses of judgement, and this is what they prey on. Recently we’ve all been Googling for Corona maps, updates and the latest figures, and have seen or clicked on all those new stories shared on social media. Although the majority of those may be genuine, you can’t forget that people are seeing this crisis as a money-making opportunity.
I’m not talking about that local garage or that guy in the US: https://www.nytimes.com/2020/03/14/technology/coronavirus-purell-wipes-amazon-sellers.html

I’m talking about Phishing and Watering Holes. The BBC did a piece recently that shows a few examples of recent Corona Phishing attacks, which is definitely worth the read (takes a few mins).

These are just a few examples of attacks that try to steal your money, credentials or personal details. With Phishing, the advice I always give is “Go direct”. If your bank or government is emailing you with the “latest information, cure or financial alert”, it will most likely be on their website or in your account (once logged in). If you can’t find it, ring the number on the website. If it’s important or confidential, it’s often not worth the risk.

It’s important to remember that it won’t just be about the “cure”. Governments and countries are offering financial support or loans. Phishers will use this model in their attacks, and you may start to see them in your inbox. Again, my advice would be that if it looks too good to be true, fake or phishy, go direct. If you are a little more confident, you can do the following: https://securethelogs.com/2019/10/25/useful-sites-to-help-identify-a-phish/

Smishing and Vishing are also techniques that they may use, and you can’t always validate who someone is over the phone. You’ve most likely heard about these types of attacks targeting the elderly and stealing their money. Given that they are in the top categories of risk, this attack may be more effective for attackers, so do warn your grandparents.

Watering Holes.

Much like what is described in this article, https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/, malicious parties will be creating fake or malicious websites in order to infect visitors. Given the crisis, this attack doesn’t need much work. They know that people are surfing the web for information, so all they need to do is make it onto Google or share it on social media. Then all they need to do is wait until you come to the watering hole (malicious site).

When you see titles such as “China doesn’t want you to know this secret…” or “The US find a cure”, just be careful what you click on. Facebook, Twitter or LinkedIn can’t and won’t stop all malicious links, and these links could infect you. As shown here, there are ways around their security checks: https://securethelogs.com/2019/11/18/keeping-safe-on-linkedin/

This includes mobile devices as well. All those “tracker” apps may contain malicious files, so please don’t start downloading them all. Remember that your phone basically has your life on it, so don’t put it at risk by downloading all these new apps. If you are going to, research them first.

Hopefully this has been of some value and helped keep you safe (online) during these hard times. The last piece of advice I would share is that you should stick with what you know. For example, don’t go searching on page 2 of Google for a Corona map when you can either visit the link at the start of the post or use Microsoft’s: https://www.bing.com/covid
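
For those who like to script their checks, here is “go direct / stick with what you know” as a small link checker. This is an added example, not part of the original post: the function name, the verdict labels and the `.example` sample links are constructed for illustration, and the trusted list holds only the two sites named in this post.

```python
from urllib.parse import urlsplit

# Sites this post names as known-good (assumption: extend with your own bank, government, etc.)
TRUSTED_HOSTS = {"coronavirus.jhu.edu", "www.bing.com"}


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return (verdict, reason) for a link found in an email or social media post."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ("suspicious", "URL does not parse")
    if parts.scheme != "https":
        return ("suspicious", "not HTTPS")
    # In https://trusted-name@other-site/ the browser goes to other-site.
    if parts.username is not None:
        return ("suspicious", "text before '@' is not the destination")
    # Punycode or non-ASCII hosts can imitate a familiar name.
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        return ("suspicious", "internationalised host, possible lookalike")
    if host in trusted:
        return ("trusted", "exact match for a site you already know")
    # A familiar name buried inside a longer host is a different site.
    for good in trusted:
        if good in host:
            return ("suspicious", f"contains '{good}' but is a different site")
    return ("unknown", "not a site you already know, so go direct instead")


if __name__ == "__main__":
    # Constructed sample links (the .example domains are placeholders, not real sites).
    samples = [
        "https://coronavirus.jhu.edu/map.html",
        "https://www.bing.com/covid",
        "https://coronavirus.jhu.edu.map-update.example/map.html",
        "https://coronavirus.jhu.edu@map-update.example/",
        "https://corona-live-map.example/",
    ]
    for link in samples:
        verdict, reason = check_link(link)
        print(f"{verdict:10} {link}  ({reason})")
```

An “unknown” verdict does not mean the site is malicious; it means the link fails the “stick with what you know” test, so find the information on a site you already trust.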

Stay safe!
