Gone phishing: Hackers use COVID-19 fears to attack businesses

Businesses in sectors like manufacturing, insurance and healthcare are especially vulnerable to phishing attempts in times of a pandemic. It is essential that employees stay vigilant and be wary of such scams.

If you or any of your employees have received COVID-19-themed emails on tax refunds, purported cures for coronavirus, health advisories and the like, it is best to be careful, because some viruses are e-borne.

A recent scam exploiting COVID-19 is a fake coronavirus threat map website that steals personal information from the panicked public. Researchers have found widely-circulating emails containing links to the bogus map that activate malicious information-stealing software originating from the AZORult malware family. The malware can be used to steal browsing history, cookies, ID/passwords, cryptocurrency, credit card information stored in users' browser history, and more. It can also download additional malicious software onto infected machines.

Criminal hackers routinely use natural disasters and viral news topics to launch attacks, but with the coronavirus now a global pandemic, COVID-19-themed exploits have the potential to affect businesses on an unprecedented scale.

Hackers are taking advantage of the fear and uncertainty to prey on individuals and worm their way into business networks. They are targeting, for example, employees of companies that are vulnerable to global supply chain disruption such as manufacturing and shipping, as well as sectors like hospitality, healthcare and insurance, which are heavily impacted by the coronavirus pandemic. These employees would take a greater interest in COVID-19-related news and hence may be more susceptible to social engineering exploits leveraging the coronavirus theme.

Remote workers who are telecommuting as part of their company’s social distancing measures are another target, with the possibility that they may lower their guard whilst working in a home environment.

Phishing campaigns, in particular, can be effective during a public health crisis because major companies and municipal authorities rely heavily on email to communicate policies regarding the outbreak and their plans for handling people who may have been exposed.

Since the coronavirus first surfaced, there has been a growing number of phishing emails claiming to be from health authorities and other legitimate organisations.

They operate in two main ways. According to a blog [1] by cybersecurity firm Trustwave, some malicious emails lure victims to a phishing site using a link that closely resembles a legitimate URL, but hovering over it with the mouse will reveal the true web address.

An example is an email purportedly from the Centres for Disease Control and Prevention (CDC), with a subject header warning that the coronavirus is now airborne [2]. The email uses CDC’s actual email address but the link directs users to a spoof site that asks them to log in with their email address and password. After that, users are redirected back to the actual CDC advice page, leaving them with no clue that they have been victims of a cyber exploit.

Meanwhile, the harvested credentials can be used for further exploits such as gaining access to a corporate network for various nefarious purposes. 

The second common tactic used in a phishing scam is to include a malicious attachment in the email. According to security firm Kaspersky, as of 13 March, more than 513 [3] different files with coronavirus in their title have been found to contain malware.

The email may suggest that the recipient needs to open the attachment to find out more about precautionary measures against COVID-19. Once the user does that, one of several things may happen.

He or she may be directed to a spoof website asking for their login credentials. For example, in February, an email was purportedly sent by a doctor claiming he had details about a COVID-19 vaccine being covered up by the Chinese and UK governments. It is estimated that 200,000 of such emails were sent out at a time, in a sustained campaign that lasted over 30 days. Victims who clicked on the attached PDF file were redirected to a webpage designed to harvest their login details.

The second thing that could happen when users click on the attachment is that malware is downloaded onto their computer. For example, there were emails purportedly from the World Health Organisation (WHO) claiming that an attached document contained information on how recipients could prevent the spread of the coronavirus. However, what the attachment did instead was to infect the computer with keylogging malware which tracks every keystroke made by the user, enabling hackers to capture information such as login credentials and other sensitive data.

Of even greater concern to businesses is the fact that these exploits may create openings for hackers to inflict greater damage through ransomware and other even more disruptive attacks. Earlier this year, some shipping companies received an email with an attached Word document, with a subject header that specifically addressed coronavirus fears in the sector. Clicking the document led to an infection by the malware AZORult which could, in turn, be used to download ransomware as a secondary infection.

In a similar example, emails were purportedly sent by a disability welfare service provider in Japan in January, claiming to have important information on the coronavirus. Clicking on the link downloaded the Emotet banking trojan onto the computer.

With the spike in email scams linked to the coronavirus, organisations need to be vigilant and ensure that their employees take steps to protect themselves – and the business networks – from these exploits. Some of the steps that everyone should take include the following: 

● Treat all emails regarding COVID-19 with caution. Get your updates from reliable sources instead of spam.

● Be mindful of what the email wants you to do or access.

● Check the link before clicking by hovering your mouse over it to reveal the true web address.

● Beware of bogus websites that look identical to the legitimate ones.

● Do not click on links or open attachments which you are not expecting, especially (but not only) if they come from an unknown sender.

● Use a secure email gateway to stop phishing emails from getting to your employees’ inbox.

[1] Phishing Attacks Discovered Using Coronavirus Theme

[2] Hackers are now preying on the fear of COVID-19

[3] Coronavirus: How hackers are preying on fears of COVID-19
