Speculative Phishing in the time of Coronavirus

Speculative phishing is currently the type of phishing that takes the most advantage of the Covid-19 emergency. It is a type of scam that exploits the virality of certain phenomena to gain fraudulent advantages. One example is last year's mail-spam campaign related to Greta Thunberg, in which users were invited by hackers to support her environmental activities. The bad guys are now exploiting a new viral phenomenon, speculating on the general vulnerability and global fear caused by the Coronavirus emergency.

The most common scams in the days of Covid-19 

In recent weeks there have been several phishing campaigns that appeared to spread important information about the Coronavirus outbreak. In March alone, in fact, malware with this specific theme increased fivefold. The purpose of these messages is to infect devices with malware and then steal sensitive information or bank details. Users are asked to open deceptive attachments, click on fake links or provide confidential information.

For example, several false fundraising campaigns for the coronavirus emergency are circulating, and two of them have been reported by the Postal Police. Their stated aim is to raise funds for national hospitals to purchase material intended for intensive care, but the IBAN provided does not correspond to that of the real facilities.

False guides to avoid contagion are also common. The most popular is sent as an attached file named CoronaVirusSafetyMeasures_pdf, which actually contains a RAT (Remote Access Trojan), malware capable of acting remotely. Once the file is opened, it infects the device and takes control of it in a completely invisible way, stealing sensitive data.

In addition to the guides, false information was also disseminated, such as a fake coronavirus contagion map that faithfully reproduced the graphics used by Johns Hopkins University systems. This map contained the AZORult infostealer malware, which is able to collect information such as names, IDs/passwords, payment card numbers, cryptocurrencies and other sensitive data from browsers. It seems that in the first 20 days of March, 16,000 infected sites were created, with fake maps that claim to be up to date on the epidemic.

False official communications also arrive, purporting to come from political institutions or from addresses that closely resemble those of banking, insurance and postal services.

A very special case is that of the emails that come from a Japanese medical center, with an attached file containing alleged updates on the progress of the coronavirus.

Last but not least, speculation about the health crisis has also led cyber criminals to use a fake World Health Organization email to install malicious software capable of infecting computers.

How to protect yourself from speculative phishing 

The good news is that simply opening an email does not expose us to the risks of scams or viruses. The problem arises if we download or open the malicious contents of the email. 

Don’t panic and ask yourself these questions before clicking on anything: 

  1. Was this mail expected?
  2. Are the sentences written with correct grammar?
  3. Does the software to be installed have a specific purpose?
  4. Do any links in the email point to known sites?
  5. Is the sender correct?
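
As an added illustration (not part of the original article), the sketch below automates the sender and link questions from the list above, plus a check for executable attachments such as the disguised guide described earlier. The sample message, the KNOWN_DOMAINS list and the ".exe" suffix are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

KNOWN_DOMAINS = {"who.int"}  # assumption: the organisation's list of known sites

# Constructed sample modelled on the lures above; the ".exe" suffix is assumed.
SAMPLE = """\
From: "World Health Organization" <updates@who-int.example>
Subject: Coronavirus safety measures
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://who-int.example/guide">https://www.who.int/guide</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="CoronaVirusSafetyMeasures_pdf.exe"

AAAA
--b1--
"""

def registered_domain(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def triage(raw):
    msg, findings = message_from_string(raw), []
    sender = registered_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if sender not in KNOWN_DOMAINS:  # checklist: "Is the sender correct?"
        findings.append(f"sender domain not known: {sender}")
    for part in msg.walk():
        fname = part.get_filename() or ""
        if re.search(r"\.(exe|scr|js|vbs|bat)$", fname, re.I):
            findings.append(f"executable attachment: {fname}")
        if part.get_content_type() != "text/html":
            continue
        html = part.get_payload(decode=True).decode("utf-8", "replace")
        # checklist: "Do any links in the email point to known sites?"
        for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', html, re.S):
            target = registered_domain(urlparse(href).hostname or "")
            shown = urlparse(text.strip()).hostname
            if target not in KNOWN_DOMAINS:
                findings.append(f"link to unknown site: {target}")
            if shown and registered_domain(shown) != target:
                findings.append(f"link text shows {shown} but goes to {target}")
    return findings
```

Calling triage(SAMPLE) returns one finding per failed check, while a plain-text message from a known sender returns an empty list.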

When in doubt, it is always better to verify the request. If you know the sender, contact them. For an institution, a gym or a service provider, the advice is to browse the official website to check the reliability of what is requested, or contact the offices directly.

In any case, always avoid providing personal information or login credentials in response to an email request, as no bank or non-profit institution, for example, would ever ask you for this information via message. 

How to Stem Speculative Phishing in Smart-Working Times 

Companies can now control all the technical aspects related to the remote safety of their employees, but they have no control over the human factor and, in this period of emergency, it is easy to make trivial mistakes. 

To protect itself, therefore, each organization should invest precisely in the human factor, increasing the awareness of non-specialist staff about cyber threats with continuous and gradual e-learning training paths.

Speculative phishing threats can only be defeated through ongoing Security Awareness training activities.
