How Cyber Criminals are Using Coronavirus to Commit Frauds


Given the great panic generated by the coronavirus, a new alert has arisen.

Hundreds of different criminal campaigns have been detected that have sent millions of fake emails to breach the security of users and businesses. Threats are constantly evolving because cyber criminals are always innovating and taking advantage of people’s vulnerability, which could be their interest in being informed or their fear of the pandemic.

The objectives of cyber criminals vary widely. They may encrypt (hide) computer data and ask for money in exchange for its release, which is known as ransomware or data hijacking, or they may simply steal your online banking credentials to steal funds. This term refers to a fraud committed on the Internet when a criminal steals a user’s identity, posing as a reputable entity.

(1) Fake Campaign in the name of WHO

Recently the World Health Organization (WHO) issued a statement warning of email campaigns in which cyber criminals use social engineering techniques to make the user believe that the message is a legitimate email from the WHO, with the aim of stealing money or personal information.

Cyber criminals have used the World Health Organization's name, duplicated its website and sent mass emails to thousands of users. In these, they warned about the risks and informed about symptoms and prevention measures.

A spam campaign of this kind has been circulating through email, pretending to be from the WHO with the intention of installing TrickBot malware. It convinces victims to download a Word file attachment that has malicious code embedded in it.

According to the researchers who detected and analyzed this campaign, once TrickBot is downloaded onto the computer, the threat collects information from the device, steals data and administrator credentials, and will attempt to move laterally across the network in search of more information and eventually download another threat.

The email subject was a list of recommendations to be protected from the spread of the coronavirus on behalf of a WHO doctor.

(2) GINP – Banking Trojan

Kaspersky also announced the first detection of a banking trojan trying to take advantage of the pandemic, which it describes as alarming because the trojan is very effective and affects users of the Android operating system.

“Ginp” is a banking trojan that seeks to steal credit card information from its victims.

Android users should be especially vigilant at this time: updates, unknown websites and spontaneous messages about the coronavirus should always be viewed with skepticism.

According to computer experts, the Trojan called Ginp is capable of inserting fake text messages into the inbox of an SMS application and has just added a new feature that will allow users to send and receive SMS messages.

Thus, once downloaded into the victim’s phone, this Trojan can receive an order from the attacker to open a web page entitled “Coronavirus search engine”, which claims that people nearby are infected with the virus. To find out where these people are, the victim is asked to pay the equivalent of 80 cents.

If the victim agrees, he or she is transferred to a payment page where his or her credit card details will be stolen.

(3) Phishing in WhatsApp

Phishing is a form of computer abuse in which the attacker tries to acquire confidential information fraudulently by pretending to be an official page of some bank or other site where people usually enter their data.

Phishing campaigns that use the interest in COVID-19 as a pretext are spreading more and more frequently. They seek not only to steal personal information from their potential victims, but also to spread false news and deliver unwanted publicity throughout the attack.

Phishing via WhatsApp promises “food aid” of products from supermarkets because of the quarantine and tries to take advantage of people’s need to provide themselves with food or other types of basic products.

The message mentions free food aid for any country, which is peculiar, because if such aid existed it should be sponsored by some international organization or by companies.

According to the information, if the site is hosted on the “BLOGSPOT” platform, this could be a warning sign, since it is a free service that would rarely be used by any company or official body. On the other hand, as observed in many other phishing campaigns, the dynamics of the scam start with a simple survey and the request to share the link with 12 contacts.

This is one way that cyber criminals seek to distribute the deception more effectively, since the message is more likely to be trusted if it arrives through a known contact.

So how to avoid falling into this trap?

  1. First, security checks must be made: check that the site is HTTPS, which means that it is a secure site. If, on the contrary, it is an HTTP site, it is better not to access it. This can be checked by doing a manual search for the organization and checking that the link is the same.
  2. Second, you should not enter personal data or passwords on sites that are not secure.
  3. Third, if you want to access the information in any case, do not enter the same password that you use for personal sites or social networks.
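
The link checks from the list above, together with the Blogspot warning sign, as an added example that is not part of the original article. It goes beyond the text by also flagging lookalike hosts that merely contain the organization's name; the function name, the suffix list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the article names only Blogspot as a free-hosting warning sign.
FREE_HOSTING_SUFFIXES = ("blogspot.com",)


def _is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_link(url, official_domain):
    """Compare a received link with the domain found by a manual search."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ["unparseable"]
    official = official_domain.lower().rstrip(".")
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append("not-https")
    # "https://agency.example@other.example/" really goes to other.example.
    if parts.username is not None:
        warnings.append("userinfo-in-url")
    if not host or not _is_under(host, official):
        warnings.append("host-mismatch")
    if any(_is_under(host, s) for s in FREE_HOSTING_SUFFIXES):
        warnings.append("free-hosting")
    # Non-ASCII or punycode labels can imitate a familiar name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("idn-lookalike-risk")
    return warnings


# Constructed sample links; "agency.example" stands in for the real organization.
SAMPLES = [
    "https://www.agency.example/advice",
    "http://agency.example/",
    "https://agency.example.food-aid.example/survey",
    "https://agency.example@food-aid.example/",
    "http://constructed-sample.blogspot.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "agency.example") or "no warnings")
```

An empty result only means none of these signs were found; the third and fourth samples use HTTPS and still point somewhere other than the organization's own domain.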

What to do if you are a victim?

If you are a victim of fraud, you should change your password, both for mail and for social networks to which your mail and password are linked. And remember to be vigilant at all times and avoid falling for this scam.

Author Bio:

Hi, I am Nikesh Mehta, owner and writer of this site.

I’m an analytics professional and also love writing on finance and related industries. I’ve done an online course in Financial Markets and Investment Strategy from Indian School of Business.
