News

Chrome Malware Extension Campaign Discovered: What Steps Do You Need To Take?

Malware is lurking on many browser extensions. Read how to find it and prevent it. Read More

Check File Extensions To Help Prevent Malware Infections

Microsoft users should change their defaults, and all users should check extensions before downloading a file. We examine. Read More

Working Remotely Increases Cybersecurity Risks On All Fronts

Extensive cybersecurity training for all employees, with additional training for remote workers, can help reduce cyber risks. We examine how remote work environments increase risk. Read More

COVID-19 Conspiracy Theory Phishing Scams Are Starting To Surge

Cybercriminals are using a variety of coronavirus-themed scams to hook their victims. Their continued focus on the topic suggests that it has proved a lucrative form of cybercrime.

 

Some phishing emails promise users secret remedies or unreleased "cures" for the coronavirus. Other campaigns "abuse perceived legitimate sources of health information to manipulate users."

 

Researchers at Proofpoint have noted that the latest round of coronavirus-themed scams are using new malware, including AgentTesla Keylogger and

the NanoCore RAT, to steal their victim's personal and financial information. Coronavirus-themed emails are also linking users to fake Office 365, Adobe, and DocuSign sites designed to steal their credentials.

 

Cybercriminals have also increased the number and variety of industries that they are attacking with coronavirus scams. Attacks continue to focus on the shipping industry while expanding to include manufacturing. Cybercriminals have also created tailored attacks against construction, education, energy, health care, industry, retail, and transportation organizations. Sarah Coble "Cyber-criminals Lure Victims with Coronavirus Cure Conspiracy Theories" infosecurity-magazine.com (Feb. 13, 2020).

Commentary

Many of the coronavirus phishing messages circulating now play on some peoples’ tendency to believe in conspiracy theories.

 

For example, one such phishing message called “Confidential Cure Solution on Corona virus” states that coronavirus is a “deadly virus developed and sprayed by wicked scientists to reduce the population of the world so the government will have control over you.” Victims are then instructed to download a document that claims to contain a cure for the virus.

 

Although the source of the emails are unknown, there is speculation that some originate from bad state actors.

 

Phishing emails are often meant to create panic. Conspiracy phishing works based on natural curiosity, but also because it creates panic that others have knowledge that could save you and your family. By being ignorant of the truth, you and your loved ones will suffer.

 

You are probably dealing with a phishing email if the email messages: claim to have knowledge that no one else does; claim to have discovered connections that no one else sees; claim to have solutions that the government or scientists don’t want you to know about; or if it claims that powerful forces carried out an act that most people believe was caused by nature, or that some bad actor is trying to gain world domination.

 

If you receive an email or text message that sounds like a conspiracy, do not click on any link or attachment in an email from an unknown source. Forward the email to the APWG, the Anti-Phishing Working Group, at reportphishing@apwg.org and then delete it. Never reply to the sender or engage in any way.

Finally, your opinion is important to us. Please complete the opinion survey:

Sign In

Are you a new user?

Register here

Retrieve password