Warning against malicious phishing campaigns related to coronavirus

The National Cyber Security Centre SK-CERT warns against large-scale sophisticated phishing campaigns that exploit concerns about the spread of Coronavirus Disease 2019 (COVID-19). Attackers impose the virus-induced fear atmosphere and the associated reduced people’s ability to detect malicious content. Their aim is to obtain sensitive data, spread malware, or for example scaremongering.

Examples include phishing e-mails that have been distributed on behalf of the World Health Organization (WHO). The messages contain a text attracting the attention of the recipient, e.g.: “Go through the attached document on safety measures regarding spreading of coronavirus”, or “This little measure can save you”. E-mails often represent a credible copy of the e-mails that WHO normally distributes what increases their credibility. Such e-mails and their attachments may contain malware, links to malicious websites, or various, non-functioning, but paid instructions on how to prevent the infection, or offers of harmful and dangerous products that are claimed to be effective vaccines. The aim of such messages is, in particular, to obtain personal and other sensitive data from the victim, particularly login data to bank services, credit card numbers, but also direct-fund sending.

Malware Lokibot was distributed in Asia through a malicious attachment that took a form of instructions on how to defend against the virus and what measures to take.

Phishing is a type of social engineering attack when the attacker through the electronic communications tries to lure a victim and illegally obtain user data, including usernames, passwords, credit card details, and personal information, in order to use them for stealing money or blackmailing. The global health crisis, such as the spread of the virus, creates a huge number of opportunities for criminals. Attackers misuse rash-headed behaviour of people accompanied by fear, because a person in a stressful situation does not act sensibly and more often violates the principles of cybersecurity.

Regarding the situation, SK-CERT recommends at work with e-mails, social networks and chat apps the following:

  • do not open unverified messages or messages from unknown users,
  • do not open suspicious attachments (even in known formats like .pdf / .docx and others),
  • do not open suspicious URL links,
  • turn off the attachment preview function when using e-mail apps,
  • in case of suspicion to verify the content of the message with the sender in another form (by phone or in person),
  • never respond to messages requesting any personal and sensitive information (login names, passwords, payment information).

« Späť na zoznam
Current threats
all publications
Links