All countries have already been the target of attacks using the new coronavirus as bait. This is revealed by a Microsoft survey released last Wednesday (8). According to the manufacturer of Windows, the volume of successful attacks is greater in countries that are experiencing an outbreak of Covid-19, following the increase in fear and the search for information online. China, the United States and Russia were hardest hit by the malicious campaigns.
In an interview with the Business Insider website, Rob Lefferts, vice president of Microsoft 365 Security, said the attacks geographically follow the advance of the pandemic. “What you see on the map is that the success of these attacks is a direct correlation with the growth of the pandemic,” said the executive. “The countries with the highest number of outbreaks are also the most affected by these baits. Confusion, worry and fear are driving people to click, and that is what criminals are taking advantage of,” added Lefferts.
Microsoft’s analysis shows that attacks involving the coronavirus have been circulating on the Internet for some time, but in a different guise. In fact, cybercriminals are just adapting malware and phishing campaigns to mention the pandemic. “This means that we are seeing a change in bait, not an increase in attacks,” explains Lefferts in an official statement. “Our intelligence shows that these attacks are establishing themselves at a pace that is the normal ebb and flow of the online threat environment.”
The software giant found 60,000 messages with malicious attachments or links related to Covid-19. The good news is that, while it draws attention, the number corresponds to less than 2% of the total threats tracked daily. According to Microsoft, the percentage reinforces that the volume of attacks is not increasing.
To steal victims’ data, criminals are sending e-mails on behalf of entities such as the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC) and the Department of Health. In general, the messages mention the Covid-19 on the subject and claim to contain important information about the disease.
The alleged updates are described in an attached file, which is infected. Upon downloading the document, the victim unknowingly contracts malware from the Trickbot or Emotet families. The scam is not surprising and follows the pattern of phishing campaigns, but it manages to hook the most inattentive ones by using the logo of the institutions to forge the credibility of the email.
How to protect yourself
To protect yourself from attacks related to Covid-19 or any other phishing campaign, it is important to follow a series of recommendations. The first is to check if the sender’s address actually corresponds to the sender. A classic example is the name before the sign simulates that of the entity, but the domain is completely different.
Another tip is to watch for spelling or language errors. Texts with such problems may indicate that the email is fraudulent. Also remember that entities like the WHO do not usually send individual electronic messages. In such cases, be wary: the message probably hides some kind of threat.
Finally, never download attachments from unknown emails. This goes for all types of files: compressed documents, PDFs, spreadsheets, text files or executables (.exe).
If the message asks you to click on a URL, the tip is to hover over the link to verify its authenticity. If the address points to a different site from the institution, it is a sign of a scam. But watch letter by letter: many criminals duplicate or exchange characters to create a domain similar to the original.