As the COVID-19 outbreak creates fear and panic, cyber-criminals are leveraging this as a way to steal passwords and access personal data. People are naturally searching online for the latest information and updates about how this outbreak could affect them and when, and what they should preemptively do to protect themselves and their families.
In one study, Check Point found that coronavirus related domain registrations are about 50 percent more likely to be from cyber-criminals than other event related domains, such as Valentine’s Day domains. For example, Johns Hopkins has created an interactive map of all COVID-19 cases and their various stages. However, cyber-criminals have already threatened to compromise this map and create their own versions with malware. Johns Hopkins has urged users to make sure they are only interacting with the map on the official Hopkins website, and to not download any maps as this is how cyber-criminals are targeting them.
In addition to malware, cyber-criminals are utilizing phishing campaigns as a more direct way to attack vulnerable people during this time. They are targeting both regular citizens and organizations, in an attempt to capitalize off of fear and need. In these phishing campaigns, they will include attachments to download that will then download the malware on your computer and copy all of your documents and saved information. They will also include links in hopes that you will mindlessly click, thus giving them exactly what they want.
Cybersecurity professionals are sharing their own Coronavirus defense when it comes to these cyber-attacks. Some of these precautions include not downloading unknown attachments from unknown sources, do not click on websites or outsourced links that you are not familiar with or that seem untrustworthy at all and many other tips from CISA.
Cyber-criminals will label their links, attachments and campaigns using headlines of common news articles. Here are the main topics being targeted:
• “Check Updated Coronavirus Map in Your City”
• “Coronavirus Infection Warning from Local School District”
• “CDC or World Health Organization Emails or Social Media Coronavirus Messaging”
• “Keeping Your Children Safe from Coronavirus”
• Also phone calls or texts about raising funds for “victims"
Remember to always Think Before You Click!
This is a link to the World Health Organization you can visit to report a scam should you come across one: https://www.who.int/about/report_scam/en/