Hornetsecurity warns of phishing and malware attacks pretending to be in the name of global health organizations

Reports in the number of new cases of infection with the coronavirus are appearing rapidly . The pictures of sealed-off cities and people in quarantine , draw a horror scenario. But the virus is not only a risk in the analogue world: the growing insecurity is shamelessly exploited by cyber criminals with targeted phishing and malware campaigns. There is now also a “danger of infection” by email.

Since the beginning of February, the Hornetsecurity Security Lab has observed an increased volume of emails sent in the name of the World Health Organization and the Centers for Disease Control and Prevention. The messages explicitly take advantage of people’s fear of the virus.

For example, a link provides an alleged list of new cases of infection in the immediate vicinity. The recipient would be able to access this list by entering an email address and a password. This is a classic phishing email that is intended to steal sensitive data. In other cases a download link or an attached document is offered. Both promise information on security measures to protect against infection.

If the link is clicked or the document is opened, a malicious file will be downloaded. There is a big risk that the IT system could be infected with a virus or ransomware. 

Increase of attacks with current reference

The Hornetsecurity IT experts point out that more and more often current events with a high emotional relevance are being used as hooks for large-scale phishing and malware campaigns. By affecting and sensitizing people to these issues, the emails of cyber criminals receive more attention and appear more credible. The probability that the messages will be opened increases.

The Coronavirus mailing is only one of many current cases. There have also been similar mail attacks with regard to the climate protests initiated by Greta Thunberg, the GDPR and the bush-fires in Australia, which were all intercepted by Hornetsecurity.

Since email communication in companies is still the number one gateway for cyber attacks, employees must be sensitized to this issue in addition to setting up effective protection mechanisms. Detecting phishing emails is not easy – but not impossible either. The following points should be checked:

  • The sender’s email address can provide information about the true origin of the message. If it is not plausible, contains spurious letters or cryptic symbols, this is a warning sign.
  • Large-scale phishing campaigns often only use a general form of address for the recipient.
  • Incorrect spelling and grammar and an unprofessional layout are also an indication.
  • The use of pressure plays a significant role. This is intended to undermine critical thinking.
  • Cyber criminals often try to get the recipient to open a URL or attachment. Also email attachments can cause serious risks.