Whenever a tragedy strikes, it doesn’t take long for scammers to come crawling out of the woodwork with some type of enterprising scheme designed to prey on the emotions of well-meaning individuals. Over the past few months alone, for example, we’ve seen scammers run fake fundraisers for the brush fires in Australia and sell counterfeit Kobe Bryant memorabilia.
In light of all that, it’s perhaps not surprising at all that some scammers are now taking advantage of the persistent fear surrounding the coronavirus to spread malware to unsuspecting individuals.
Originally brought to light by CheckPoint, some scammers have been sending out emails that appear to include official documentation and insignia from local and global health organizations When a seemingly legit attachment is subsequently opened, the victim’s computer becomes infected.
The most prominent Coronavirus-themed campaign targeted Japan, distributing Emotet – the leading malware type for the 4th month running – in malicious email attachments feigning to be sent by a Japanese disability welfare service provider. The emails appear to be reporting where the infection is spreading in several Japanese cities, encouraging the victim to open the document which, if opened, attempts to download Emotet on their computer.
There are also reports that scammers are employing phishing emails with malicious links that, at first glance, appear to direct users to the official website of the Center for Disease Control and Prevention (CDC) when in fact they’re directed to a page that encourages them to enter in their email credentials.
A similar scam purports to come from the World Health Organization and encourages users to enter their email credentials.
Per usual, you should be wary of any unexpected email that comes from an organization and asks you to either download a file or enter in your credentials. It may seem like common knowledge, but with fear surrounding the coronavirus still very prevalent, scammers are hoping that many people will have their guard down and willingly hand over potentially sensitive information.