Cyber Attacks Increase as Cybercriminals Capitalize on COVID-19 Fears

These phishing emails are typically marketing coronavirus information and ask you to open an attachment to see the latest news and statistics.
Published: March 20, 2020

With everyone hunkered down, working from home, taking online classes or just killing the time browsing the web, cyber attacks are exploiting the public’s fears about the coronavirus and using email phishing schemes.

These emails are typically marketing COVID-19 information and ask you to open an attachment to see the latest news and statistics. That’s a pathway to giving the hackers your information or downloading malicious software onto your device.

According to cybersecurity firm Norton, these emails will typically masquerade as official alerts from the U.S. Centers for Disease Control, health advice from specialists and workplace advisories. One new phishing scam that targets college students and staff members aims to capture log-in credentials to infect their computers with malware, reports EdScoop.

Hackers Targeting University Students, Staff Members

According to software company Abnormal Security, the hacker responsible for this scheme is taking advantage of the fact that “students and staff are likely highly attuned to any news about a university’s response to the outbreak, and thus are more likely to engage with an email about it.”

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

The attacker created an email that appeared to come from the school’s board of trustees. It then directed students and staff members to a page from the college’s “health team.”

“The URL written in the email does not match the actual URL to which recipients were directed,” Abnormal Security’s advisory said. “This URL led to a page made to look like an Office 365 login page. Presumably, the attacker hoped that a victim would be flustered enough by the supposed update to come to assume that they’d been inadvertently logged out of their Office 365 instance and enter their credentials here.”

Between 10,000 to 20,000 mailboxes received the phishing email.

Here are some ways to spot a phishing email, according to Norton:

  • Legitimate government agencies won’t ever ask for sensitive information in an email. Never give out your personal information to an unknown source via email.
  • Verify that the email and link are legitimate before clicking anything.
  • Spelling and grammatical mistakes are common in phishing attacks. Delete those.
  • Phishing emails usually contain generic greetings and likely won’t use your name.
  • If a sender is urging you to take immediate action and provide personal information, it’s a phishing attack.

The trend has become so prevalent that the U.S. Federal Trade Commission has even issued an advisory asking end users to not clink on any links from unknown sources.

As always, you should only get your information about COVID-19 from trusted sources like the CDC, World Health Organization and reputable news organizations.

Other COVID-19 Cyber Attack threats

If any email contains an offer for a vaccination or treatment, ignore it immediately. If there were a treatment or vaccine available, you wouldn’t find out about it via email from a strange source.

Be wary of solicitations for donations. The FTC says to do your homework when you’re being asked to donate to help fight the virus. Don’t donate if you’re being asked to send cash, a gift card or wire money.

Cybercriminals are smart, and they follow the headlines and aim to capitalize on the public’s fear.

Zach Comeau is the web editor for CS sister publication My Tech Decisions. Robin Hattersley is CS editor-in-chief.

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series