Fake coronavirus warning emails spreading malware


With the outbreak of the coronavirus making headlines around the world, online scammers are using the fear and uncertainty that is currently surrounding the virus to trick people into installing malware onto their devices.

Unsuspecting victims receive emails purporting to be from legitimate sources, such as authorities responsible for disease control and prevention. The emails contain a warning that the coronavirus has been discovered in their neighbourhood, along with a fake attachment claiming to contain infection prevention advice.

Climate of fear creates fertile ground for malware distributors

The attachments contain a variant of Emotet, a dangerous trojan that can steal banking details and other types of personal information. Emotet is regarded as one of the most destructive types of malware out in the wild, so much so that according to Mimecast’s latest Threat Intelligence Report, it has caused a 145 per cent increase in threats in Australia alone.

Users who open the attachment are immediately infected with the trojan, which often goes undetected by antivirus software. The perpetrators of these attacks understand that it’s easier to exploit people in a climate of fear. A health scare like the coronavirus outbreak presents cybercriminals with a tempting opportunity to use email phishing campaigns to target people who are worried about protecting their health. It is almost certain there will be an increase in observed cyberattack methodologies against vulnerable targets during this time of disruption, so SMEs need to be vigilant.

Security has limitations in the face of human error

The sole intention of these threat actors is to play on the public’s genuine fear, to increase the likelihood of users clicking on a malicious attachment or link, to cause infection, or for monetary gain. This is a rational choice by criminals, as research has shown that over 90 per cent of compromises occur via email, and that over 90 per cent of those breaches are primarily attributable to user error.

Since Emotet forwards itself to everyone on a victim’s contact list, more people will find seemingly legitimate emails coming from trusted sources, making them likely to open the attachments inside.

Tell-tale signs to look out for

Fortunately, protecting yourself is straightforward: just avoid clicking suspicious links or attachments, even if they come from a trusted source. Keep your antivirus software updated and be sure to check the extension of the attached file before opening. Any attachments with unusual extensions like “.exe” or “.lnk” are likely to be fake and possibly dangerous.

Vigilance and good cyber hygiene are essential

Any similar event that impacts a large section of the public and communities in general is almost certain to attract similar targeted behaviour from criminals. The OAIC’s latest Notifiable Data Breaches statistics reported a rise in data breaches, with 64 per cent of the breaches caused by malicious or criminal attacks. SMEs are attractive cyberattack targets, often deploying less-advanced security tools compared to larger organisations. As such, criminals can reap rewards with a targeted breach.

There are several simple steps you can take to minimise your risk. Use a reliable antivirus (AV) solution and follow safe cyber hygiene practices, such as using strong passwords and never enabling macros in any attachments if you do open them.
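The extension check and the macro advice above can be automated at the mail gateway or in a triage script. The following is an added example, not code from the article or from Mimecast; the extension lists beyond “.exe” and the Windows shortcut type are assumptions, the double-extension check goes beyond the single-extension case the article describes, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists: the article names only .exe and the Windows shortcut type (.lnk).
RISKY_EXTS = {".exe", ".lnk", ".scr", ".js", ".vbs"}
MACRO_EXTS = {".doc", ".docm", ".xls", ".xlsm"}  # Office formats that can carry macros
DECOY_EXTS = {".pdf", ".doc", ".docx", ".txt", ".jpg"}

def check_attachment(filename):
    """Return the reasons an attachment name deserves caution (empty list if none)."""
    # Windows drops trailing dots and spaces, so "a.exe. " is still opened as a.exe.
    name = filename.strip().lower().rstrip(". ")
    suffixes = PurePosixPath(name).suffixes
    if not suffixes:
        return []
    last, reasons = suffixes[-1], []
    if last in RISKY_EXTS:
        reasons.append(f"executable or shortcut extension {last}")
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
            reasons.append(f"double extension: {last} hidden behind {suffixes[-2]}")
    elif last in MACRO_EXTS:
        reasons.append(f"{last} can carry macros; never enable them")
    return reasons

def scan_message(raw_bytes):
    """Map each flagged attachment filename in a raw RFC 5322 message to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        reasons = check_attachment(part.get_filename() or "")
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def build_sample():
    """Constructed test message with placeholder attachment bodies (no real malware)."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample: outbreak in your neighbourhood"
    msg.set_content("Prevention advice attached.")
    for name in ("prevention-advice.pdf.exe", "advice.lnk", "measures.docm", "map.png"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(f"{fname}: {'; '.join(why)}")
```

A filename check is only a first filter: it says nothing about the file's actual content, so it complements rather than replaces antivirus scanning.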

Do an internal audit of your staff to assess if they are prepared for security breaches, as there is good value in engaging external security support to provide awareness training.

Ultimately, SMEs need to be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to a global outbreak or similar crisis.

Nick Lennon, ANZ Country Manager, Mimecast