Scam emails and phishing campaigns are surging as the
COVID-19 pandemic is taking hold on a global level. Bitdefender telemetry reveals
that attackers are changing and diversifying their messages to reach as many
people as possible.
Most phishing campaigns follow a shotgun approach, which
means that criminals send messages indiscriminately, trying to reach as many
people as possible. Usually, this is achieved through the use of zombie bot
networks that send thousands of emails to addresses leaked in various data
As you can imagine, the messages contain all kinds of
the pandemic or use it in some way to trick users. Most of the time,
they try to persuade users to open an attachment and install some form of
Spreading like wildfire
Bitdefender spotted a growing trend a month ago when the
number of malicious reports jumped from 1,448 in February to 8,319 in the first
16 days of March. This represents a
475% increase in a single month.
Healthcare firms – hospitals & clinics,
pharmaceutical institutions and distributors of medical equipment – were the
most common targets, but the malicious emails are spreading into the general
population and other industries as well. Here are a few examples of spam
intercepted by Bitdefender’s detection engines.
This one is addressed to a company’s purchase department,
urgently asking for a Swift quote. The attacker claims to need an offer
soon and says you only need to check the attachment, which actually holds an
UPS – Pending delivery
Since a lot of people are staying inside, many products
are now delivered directly to the house or apartment. So attackers have crafted
a message that simply says the following: “Your package has reach our warehouse
and due to coronavirus outbreak, you will need to come to our warehouse to get
it, check the attactment for details.”
Although riddled with grammatical errors, such messages
always try to make people look inside the attached files. In this case, the
attachment is an ISO file so, when the user opens it, the operating system
mounts the ISO as a DVD, which has an executable file inside, waiting to deploy
malware on the device.
Finally, another malicious message is addressed to companies, claiming to show a picture of infected people inside the organization: “Please find attached the picture picture of your staff with the COVID-19 viral infection. We have commenced her isolation and tracing all previous contacts.
You are advised to inform all other persons in your
organisation to quickly begin the self isolationprocedue before their result is
Of course, people are invited to open the attachment, an
IMG file, which also opens as a mounted DVD, revealing an executable file.
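A mail-gateway style check for the ISO and IMG attachments described above, as an added example that is not Bitdefender's code: it flags disk-image attachments and lists executables found in the root directory of an ISO 9660 image. The function names, extension lists and sample message are assumptions constructed for illustration; images in other formats (UDF, FAT) are flagged by extension only.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

SECTOR = 2048
IMAGE_EXT = (".iso", ".img")
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".js", ".vbs", ".lnk")

def iso_root_names(data: bytes) -> list:
    """File names in the root directory of an ISO 9660 image ([] if not one)."""
    pvd = data[16 * SECTOR:17 * SECTOR]          # primary volume descriptor
    if len(pvd) < SECTOR or pvd[:6] != b"\x01CD001":
        return []
    lba, size = struct.unpack_from("<I4xI", pvd, 158)   # root record: extent, length
    root, names, pos = data[lba * SECTOR:lba * SECTOR + size], [], 0
    while pos + 34 <= len(root):                 # 34 bytes = smallest valid record
        if root[pos] == 0:                       # zero length: padding to next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        name = root[pos + 33:pos + 33 + root[pos + 32]]
        if name not in (b"\x00", b"\x01"):       # skip the "." and ".." entries
            names.append(name.decode("ascii", "replace").split(";")[0])
        pos += max(root[pos], 34)                # always advance, even if malformed
    return names

def flag_attachments(raw: bytes) -> list:
    """(attachment name, executables inside) for each disk-image attachment."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        fname = (part.get_filename() or "").lower()
        names = iso_root_names(part.get_payload(decode=True) or b"")
        if fname.endswith(IMAGE_EXT) or names:
            hits.append((fname, [n for n in names if n.lower().endswith(EXEC_EXT)]))
    return hits

def dirent(name: bytes, lba: int, size: int) -> bytes:
    """Build one ISO 9660 directory record (only for the constructed sample)."""
    nums = b"".join(struct.pack(f, v) for v in (lba, size) for f in ("<I", ">I"))
    body = nums + bytes(14) + bytes([len(name)]) + name + bytes(1 - len(name) % 2)
    return bytes([len(body) + 2, 0]) + body

def sample_eml() -> bytes:
    """Constructed sample: a mail carrying a minimal ISO that holds DETAILS.EXE."""
    root = dirent(b"\x00", 18, SECTOR) + dirent(b"\x01", 18, SECTOR) + dirent(b"DETAILS.EXE;1", 19, 2)
    sectors = [b"\x01CD001\x01" + bytes(149) + root[:34], b"\xffCD001\x01", root, b"MZ"]
    iso = bytes(16 * SECTOR) + b"".join(s.ljust(SECTOR, b"\x00") for s in sectors)
    msg = EmailMessage()
    msg.set_content("constructed test message")
    msg.add_attachment(iso, maintype="application", subtype="octet-stream", filename="details.iso")
    return msg.as_bytes()
```

Calling `flag_attachments(sample_eml())` returns the attachment name together with the executables found inside it; an image attachment with an empty list still deserves quarantine, since its contents could not be inspected.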
Coronavirus spam is here to stay
We have already seen a substantial increase in malicious
spam, and there’s no indication it will slow down. If anything, the messages
and malware are going to change with the evolution of the pandemic, which means
that people need to always be on guard.
As usual, the best possible course of action is to never
open emails from unknown sources. In this case, an email that seems to come
from an official source such as the World Health Organization, the CDC, or some
other authority is likely fake. Finally, having a powerful security solution
installed should be a bare minimum for any user.