Security experts are warning of new phishing campaigns designed to capitalize on global fears of the fast-spreading coronavirus.
Last week saw the first reported UK infections of the virus, known for now as 2019-nCoV, after it spread around the world from an epicenter in Wuhan, China. Concerns persist over whether the true extent of the virus, which is said to have a mortality rate of 2%, has been downplayed by Beijing.
True to form, cyber-criminals are looking to exploit the widespread hunger for news about the outbreak by using it as a phishing lure.
Mimecast has detected one such campaign, with emails titled “Singapore Specialist: Corona Virus Safety Measures.”
Of course, clicking on the link in the email will lead to a covert malware download.
“The sole intention of these threat actors is to play on the public’s genuine fear to increase the likelihood of users clicking on an attachment or link delivered in a malicious communication, to cause infection, or for monetary gain. This is a rational choice by criminals as research has shown that over 90% of compromises occur by email, and that over 90% of those breaches are primarily attributable to user error,” explained director of threat intelligence, Francis Gaffney.
“There are a number of simple steps you can take to minimize your risk, such as using a reliable AV solution and following safe cyber-hygiene practices such as strong password usage and never enabling macros in any attachments if you do open them. I urge everyone to be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to the support of those affected by the coronavirus.”
Kaspersky has also sounded the alarm over coronavirus-themed attacks. It detected multiple malicious pdf, mp4 and docx files claiming to contain updates and information on how to stay safe from the virus.