Allure Security Navigation Logo

How Malicious phishing sites are taking advantage of COVID-19 (Novel Coronavirus)

coronavirus

Attackers prey on customers

I’ve written before about how adversaries exploit the trust customers have in well-known brands. Attackers specifically build spoof sites targeting well-known companies because they can capitalize on its customers’ loyalty. If a highly convincing fake domain and a corresponding phishing email sent to a victim carry the name of a company buyers trust, they’re more likely to click on a link and be captured by a malicious phishing site. A customer’s trust in the brand is part of the cybercriminal’s strategy. 

But that’s not their only weapon. Sometimes, fear is a more effective motivator to dupe a victim into taking an action and having their information captured. The current global public health crisis around COVID-19, also known as the coronavirus, is a real-time example. Communities around the world are concerned and many are in need of accurate information on how to protect themselves. Unfortunately, the combination of fear, confusion, and the lack of factual information serves as fertile ground for cyberattacks. 

Feeding on Fear: Malicious websites proliferate

In a matter of months, we have already seen a proliferation of web domains containing the words “corona” or “covid.” A recent blog published by Check Point reveals that a URL containing one of these word variations is 50 percent more likely to be malicious than any other new domain registered during the same time period. These malicious sites are expected to be used in phishing campaigns. Many of these unauthentic domains and corresponding emails claim to be data repositories for information about the virus, or they claim to sell face masks, vaccines (which don’t exist, yet), or home tests that can detect COVID-19.

Phishing Email Example
A fake email has the logo of the World Health Organization on it. (Sophos Ltd.)

The situation has become severe enough for the U.S. Department of Homeland Security to issue an alert to all citizens warning them of the risks. Here’s an excerpt from the alert:

“CISA encourages individuals to remain vigilant and take the following precautions.

Can Trusted and Verified be Trusted? Trusted sources harder to find

The problem with the advice to “use trusted sources” is that, with the help of automated website scraping tools, just about anyone can throw together a legitimate-looking news site or spoof a credible government or healthcare site. Adversaries can even register fraudulent domains through SSL, making them appear to be verified and trusted sites.

It’s a sad reality that hackers like to exploit the fear and uncertainty that often surround emergencies. It’s these times, where a large number of people are very afraid and searching for reliable information, that we are most vulnerable to these types of scams. Unfortunately, we know all too well that bad actors all over the world will continue to find ways to use the coronavirus as a way to launch more attacks against consumers. And we also know that frightened consumers will continue to click on links and unwittingly give up their private information and credentials, believing that they’re visiting legitimate websites.

Protect your brand and your customers

Companies at particularly high risk during a health crisis like this include healthcare organizations, HMOs, health insurance companies, hospitals, and research labs. These organizations hold very sensitive patient information that is in high demand by cybercriminals. It’s important for these businesses and government agencies to closely monitor for any spoof websites being built to mimic their own domains, as consumers look to their local or trusted healthcare partner for current information about the virus. Protecting employees of healthcare organizations is important, but it doesn’t go far enough. It’s the average consumer who will be more likely to click on a link to a malicious domain. 

Now is the time for the business community to ramp up vigilance, preserve customer trust, and go farther to protect end-users from cybercriminal activity.

Post Date
Author