Phishing scams around COVID-19

February 18, 2020

Scammers love a crisis.  They have been exploiting fear and curiosity around the COVID-19 outbreak to scam unsuspecting online users and obtain sensitive information.

And they made it seem like the emails came from reputable authorities. From what we know, at least two phishing emails appeared to come from the Centre for Disease Control & Prevention (CDC) since the world saw the coronavirus outbreak in December 2019. Here are some notable ones:

Scam email that appeared to come from CDC
In a bid to trick unwitting users into clicking a link and entering their credentials, attackers promised to provide a list of active infections in the surrounding area if they do so. See a sample of this phishing email obtained by Kaspersky.

CDC bitcoin donation campaign
Another email obtained by Kaspersky also showed its sender as Center for Disease Control and Prevention and tries to solicit bitcoin donations from unsuspecting users.

“Singapore Specialist: Corona Virus Safety Measures.”
Mimecast detected spam emails titled “Singapore Specialist: Corona Virus Safety Measures.”, which had a malicious link to them. When clicked, the link installs malware. See a sample of this phishing email.

Email from “World Health Organisation”
Security software firm Sophos reported a phishing email that seemed to be sent by the WHO. Users are enticed to click a link in the email that alleges to be “safety measures” that can be taken against COVID-19 infections.

Stay safe and vigilant online, folks.

For more content like this, follow us on web and our social channels.