Known COVID-19 Scams

by Sarah Bryson

Updated: April 16, 2020

The COVID- 19 pandemic is an easy vector for scammers to use to take advantage of these anxious times. Scammers use fear and desperation to prey on those most vulnerable by turning to technology to deploy scams with grave effects. Listed below is an ongoing list of known COVID- 19 related current scams to protect the public from compromise.

The heightened sensationalism from COVID- 19 has everyone anxious and afraid of the coming months.

Keep the following in mind for your security:

• If it’s too good to believe, it probably is... COVID-19 insurance won’t just magically appear, [thing 2], and [thing 3]. Resist the urge to click on links that are unfamiliar or unknown.
• Be suspicious of unsolicited new emails, links, and attachments. Follow the US Department of Homeland Security’s guidance for emails links and attachments.
• Scan emails and links for misspellings- in both email addresses and links before clicking. Especially if guided through redirections.
• Do not divulge personal or financial information in an email and be extremely weary of emails asking for this type of information.
• But, above all, WASH YOUR HANDS and practice social distancing to protect yourself and your loved ones.  

Live Coronavirus Map Used to Spread Malware

Scammers are spreading a real-time, accurate dashboard about global infection rates produced by Johns Hopkins University. They are taking advantage of a Java-based malware deployment that spreads malware that steals passwords.

Here is the link to the secured version of Johns Hopkins University interactive map.

Phishing Emails

Hackers are taking full advantage of these situations by creating simple phishing emails under the guise of COVID-19 health insurance policies or important information regarding updated university schedules. Most of these attacks hope to gain personal information, email address, and passwords of the victim, but some aim for much more.

One of the most sophisticated phishing email attacks is the BlackWater Malware abuse. Scammers are distributing a compressed file entitled “Important-COVID-19.rar.” that, when opened, exfiltrates data while also becoming controllable by the scammer.

Distributed Denial of Service

The US Health and Human Services Department suffered a cyber-attack campaign of disruption and misinformation on Monday, March 16. This attack overloaded the Health and Human services server with millions of hits over several hours. The National Security Council has since issued a tweet warning to be wary of “fake” text messages from a person’s “military friend” that the President will institute a mandatory two-week quarantine.

For any information regarding government orders and recommendations for COVID-19 always refer to the Center for Disease Control here.

COVID-19 Themed Multistage Malware

Bad actors lure more victims who are looking for information about the pandemic. A malicious email that delivers a multi-stage malware was found that spoofs a World Health Organization email and pretends to provide recommendations to the victim:

From: World Health Organisation <info@who.org>
To: xxx
Subject: CORONAVIRUS TRAVEL RECOMMENDATIONS

Dear Sir / Madam,

Following the vertiginous spread of the CORONAVIRUS epidemic, which has
already left more than 4,200 people dead and 119,000 cases worldwide; we
recommend these sanitary measures.

Download these measures [1]

Kind Regards,

WORLD HEALTH ORGANIZATION

Fake Documents Required During a "National State of Emergency"

The email body is a fake message from criminals cautioning their victims that documents are required to leave their house during a "National State of Emergency", which are conveniently attached to the email.

The 3 files are:

1. A bening, legitimate and signed PE file: AutoIt interpreter
2. A malicious, obfuscated AutoIt script, masquerading as a certificate
3. A file with a very high entropy (probably encrypted)
   

COVID-19 |ESF-17 Cyber Risk Management Bulletin

In addition to the health concerns and significant disruption to businesses we are experiencing, there is an increase in phishing and malware campaigns exploiting the COVID-19 pandemic. Read the below ESF-17 COVID-19 Guidance pdf for more details.

ESF-17 COVID-19 Guidance.pdf

Federal Government Warns of Potential Fraud Scams Surrounding COVID-19 Economic Impact Payments

The United States Attorney’s Office for the Eastern District of Kentucky and the Internal Revenue Service - Criminal Investigation (IRS-CI) is warning Kentucky taxpayers to be alert about possible scams relating to COVID-19 economic impact payments.

Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy

A new campaign of the Zeus Sphinx Trojan is targeting clients of US, Canadian and Australian banks using COVID-19 themed emails. Emails titled “COVID 19 relief” contain password-protected Word documents with malicious macros.

Beware of fake CDC emails with malware, ransomware

If you receive an email from the Centers for Disease Control it may contain a virus that could damage your computer. On Wednesday the National Sheriff’s Association issued a warning about fake CDC emails. According to the NSA the FBI is investigating bogus emails that are being sent to people claiming to be from the CDC, with links containing malware or ransomware.

COVID-19 Scam Targeting Phones and Android Devices

Recently, a malware attempting to take advantage of concerns around the coronavirus pandemic deceptively marketed itself as a fake coronavirus tracking application for Android devices, while actually encrypting user content and threatening to publicly leak the user’s social media material.

‍

About RADER - IT Security. Service. Solutions

RADER is a local IT Company based out of Lafayette, LA, servicing companies throughout the United States. Find out more about us or how we can seamlessly manage and integrate all of your technological needs.

‍