
March 13, 2020 • RBS

It has only been two days since our last article on modern phishing attempts, but unsurprisingly, malicious attackers will always find new ways to target individuals and organizations. This time, hackers are installing malware on computers and harvesting user credentials by preying on people’s curiosity and fear of the coronavirus (COVID-19).

Business Insider recently reported that attackers are spreading false COVID-19 dashboards, which in many cases infect computers with malware when opened. In addition, there are other reported attacks where scammers pose as the CDC, advising that there are new COVID-19 cases reported in the user’s city and requesting that they follow a link to learn more.

From there, clicking the provided URL covertly redirects the user to a spoofed login page. If the user completes the process by providing their credentials, they are now compromised.

Methods of Prevention

Unfortunately, the continued use of old phishing attacks has proven that preaching abstinence from clicking unverified links doesn’t bring the desired outcome, especially in a situation like this, where virtually the entire world has its eyes on the latest COVID-19 developments.


Stick to Reliable Sources

For those who want a reliable source of information regarding COVID-19, Johns Hopkins University and The New York Times both maintain non-malicious trackers.

Tips for Your Coworkers

As always, be extremely cautious when it comes to hyperlinks (we can’t say this enough). You cannot trust where a link will take you if you do not 100% trust the source.

In situations where you land on a website that seems suspect, there are a few general steps you can take to help verify its authenticity:

  1. Check the URL – Make sure that the URL matches the content, especially if the content is part of your routine. We tend to let our guard down with things that are familiar. See one of our previous articles for some examples.
  2. Check the hyperlink preview – In our last post, we examined a fake forum that enticed users to click a suspicious link that was disguised as a .torrent file. If the hyperlink is attempting to completely redirect you to an unrelated site, don’t click.

    Ex. google.com
    (This is safe to click, unless you really don’t like Ask.com)
  3. Read the language – Comb through for blatant spelling/grammatical errors. Aside from that, phishing attempts can be pretty good at projecting extreme urgency. If you are in a panicked state of mind, you are less likely to question a request. So think logically, and use your better judgment.
  4. Follow your organization’s security guidelines – Guidelines exist for a reason. Organizations have countless endpoints in their networks and it only takes one mistake for a compromise. Let’s all do our part to help prevent attackers from profiting from times like these.
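For teams that want to automate steps 1 and 2, here is an added example (not part of the original article or any RBS tooling) that scans an HTML message body and reports links whose visible text names one site while the href points to another. The sample message and the `.example` hostname are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a hostname or URL, e.g. "google.com".
HOSTLIKE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

def strip_www(host):
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects links whose visible text names a different site than the href."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        m = HOSTLIKE.match("".join(self.text).strip())
        actual = urlsplit(self.href).hostname
        if m and actual:
            shown, actual = strip_www(m.group(1).lower()), strip_www(actual)
            # The same host or a subdomain of the shown host is fine; note that
            # "cdc.gov.alerts.example" is NOT a subdomain of "cdc.gov".
            if actual != shown and not actual.endswith("." + shown):
                self.findings.append((shown, actual))
        self.href = None

def audit_links(html):
    """Return (shown_host, actual_host) pairs for mismatched links."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body (not taken from a real phishing email).
SAMPLE = """
<p>New cases in your city: <a href="https://www.ask.com/">google.com</a></p>
<p><a href="https://mail.google.com/inbox">google.com</a></p>
<p><a href="http://cdc.gov.alerts.example/login">https://cdc.gov/coronavirus</a></p>
<p><a href="https://example.org/map">View the dashboard</a></p>
"""
```

Links whose text is not host-like (such as "View the dashboard") are not reported, so a check like this complements the manual URL review above rather than replacing it.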

It can sometimes be difficult to differentiate fact from fiction. But if we all keep a level head and maintain a healthy level of scrutiny, we can help prevent a different kind of outbreak for our organizations.

In time, COVID-19 will come under control if we all do our part. In the meantime, we must ensure that efforts to exploit this global pandemic go unrewarded.
