Whenever there is breaking news, opportunist cyber-criminals are never far away in the event of a crisis as there is always something to take advantage of. They look for innovative ways to con people out of money and the global spread of Covid-19 has presented another huge opportunity.
The World Health Organisation has officially classified the outbreak as a global emergency, and since then there has been a populational shift towards conducting their daily work in self-isolation, and as they do so, they are even more susceptible to a plethora of new coronavirus-related scams.
Every day there is new news and it’s scary, so the public’s guard is down. They want to do the right thing and continue to protect themselves and their family, so they make quick decisions based on fear not facts. By design, cybercriminals are deliberately scaremongering to make profit.
Email scammers often try to elicit a sense of fear and urgency in victims. It’s not surprising that they would attempt to incorporate the coronavirus into that playbook so quickly. But the move illustrates how phishing attempts so consistently hew to certain time-tested topics and themes.
“Unfortunately, we see this often in geopolitical events and world events,” says Francis Gaffney, the director of threat intelligence at Mimecast. “This is when cybercriminals seek opportunities to use the confusion that vulnerable people have. They’ll click on links because they’re not sure.”
CISA has also published a document detailing risk management actions for executives to consider “to help them think through physical, supply chain, and cybersecurity issues that may arise from the spread of Novel Coronavirus.”
Hackers are already impersonating the UN’s health agency to carry out a variety of scams, from account takeovers to phony donation requests and the spread of malware. The FTC is also warning of “spoofed” emails, text messages, and phone calls that claim to be from the Centres for Disease Control (CDC).