Update (03.09.2019: World Health Organization (WHO) issued a warning regarding the cybercriminals that pretend to be WHO.
The World Health Organization announced it would never ask users to login to view safety information or email attachments the users did not ask. At the same time, WHO mentions that it would not ask users to visit a link outside its website, charge money to apply for a job. Also, WHO will never conduct lotteries or offer prizes through email, neither will ask for donations directly to emergency response plans.
The coronavirus websites plant more malware, as hackers see an opportunity at this time. In fact, they are exploiting the user’s curiosity on the web, as the coronavirus is affecting more people around the world. With more and more cases globally, people naturally search online for the latest updates. So, it is the best time for cyber criminals take advantage of the situation.
According to a new Check Point report, “Coronavirus-related domains are 50% more likely to be malicious than other domains registered at the same period.” Also, the researchers discovered that this is higher than recent seasonal themes such as Valentine’s day.
They discovered more than 4,000 coronavirus-related domains registered globally. And all of these have appeared since January 2020. 3% of them were found to be malicious and 5% are suspicious.
The security researchers say that attackers use most of the domains for phishing. But others try to trick users by posing as sellers of face masks, vaccines and home tests that could detect the coronavirus.
Moreover, the attackers focus mainly on the most affected areas. So, a coronavirus themed phisihing campaign recently targeted Italian organizations. It hit over 10% of them trying to exploit concerns over the growing number of infections.
How do they act?
An email with the subject “Coronavirus: Informazioni importanti su precauzioni” pretends to come from a doctor from WHO. In fact, it contains a malicious document attached named f###########.doc (#=digit). The attachment asks the user to click “Enable Editing” or “Enable Content” in order to read it. But this leads to the download of a Trickbot downloader. This is a dominant banking Trojan and the attackers update it constantly.
In order to avoid scams, specialists advise us to follow some simple rules. First of all, pay attention to the emails and files received from unknown people. Especially if they ask for actions we do not usually do. Secondly, buy things online from trusted sources and do not click on promotional links in emails. And thirdly, beware of special offers. Scammers usually promise things that users can not check. The coronavirus websites such as cures for the Coronavirus