Coronavirus (Covid-19) – How hackers are using the pandemic for sophisticated phishing attacks.

Coronavirus Blog

The world is batting a pandemic and hackers as we all know are opportunists who feed off crisis like these. Since COVID-19 was declared a pandemic by the WHO, Cybersecurity experts have seen a rise in phishing attempts and the state of panic that’s gripping the entire nation.


What kind of attempts are being made?

Hackers have been targeting nations (Italy, China, Japan, South Korea and Japan) that have been hit hard or forced into a state lockdown due to the rising number of sick patients. As many businesses in the USA are facilitating their employees to Work from Home, experts say there will be a rise in Ransomware and phishing or Vishing attempts similar to what has happened in other nations.

In most cases, hackers would make phishing attempts via mail and in some cases giving a web link similar to that of accredited website or organization such as WHO, CDC ( Center for Disease Control) or other health organizations. In other cases, it would be a link requesting a donation for a fake vaccination cure or funding, or a company-wide email with a similar address to that of the company stating it is a “coronavirus – update by the organization” or something on similar lines forcing the employee to give in their details or redirecting them to other websites via an email link.


On February 16, the World Health Organisation (WHO) warned against fraudulent emails sent by cybercriminals posing as WHO. This was then followed by a warning from the US Federation of Trade Commission which warned against criminals spreading clickbait and creating fake websites selling antiviral equipment, testing and asking for donations for vaccines or test kits. Criminals have also posed as the CDC asking for sensitive information from users and bitcoin donations for fake vaccinations.


Top 6 COVID-19 phishing attempts to look out for:


  1. Android app – This was one of the first scams related to the Coronavirus that took place this year. Many utilty and map apps for mobile devices with a built-in Ransomware would claim it could show the route or location of infected patients around your area. The Ransomware would then change your password and lock your phone and demand a bitcoin fee to unlock your phone or restore it.
  2. Company-wide emails – companies have been warning their employees and clients of malicious emails being sent claiming to be updated on the Corona pandemic sent out by the organization. Here the email would encourage the user to click on an URL or download a virus document to read through the whole list of precautions and updates provided by the fake profile.
  3. Websites- to be clear there is no vaccine or cure for COVID-19 yet and yes vaccination trials are taking place. But steer clear of any website claiming to sell antiviral gadgets, equipment, test kits or fake vaccine cures.
  1. Text messages/Smishing- Smishing is one of the common tools used to lure innocent people into a scam via a text or link in the text asking you to visit a website, calling a number or clicking a link. Federal and state authorize are warning against messages claiming of a lockdown or other virus updates and recommend you visit an official website or government channel for authentic information. Kansas authorizes have issued warnings about broad smishing scams claiming false information about local coronavirus infections.
  1. Banks – with the stock falling, cybercriminals are trying to trick customers similar to what had happened in the 2008 crisis by posing as banks telling customers their account details have been changed and they have to click on a link and provide their current financial information to update the same.
  1. Fear-based phishing- this is something that all of us have either seen or received via a text message, WhatsApp or social media. Hackers are capitalizing on fear by spreading misinformation regarding the virus, it’s cure and potential financial changes expected to happen. You can expect to see a rise in fake medicine, donation to fake websites and NGOs, stocks.


Some top tips to stay vigilant

  1. Inspect the email address and sender
  2. Do not click on the links or download attachments in email with unverified or suspicious sources 
  3. Most phishing attempts add a sense of urgency to their message to lure the reader to open it
  4. Avoid giving personal or financial information over calls or emails or on websites that seem suspicious