HKCert
Security Blog

HKCERT urges the public to step up vigilance against rising COVID-19-themed phishing attacks

Release Date: 26 / 03 / 2020
Last Update: 26 / 03 / 2020

With the global 2019 Coronavirus Disease (COVID-19) pandemic intensifying, different types of cyber attacks in the name of the disease have increased dramatically. The Hong Kong Computer Emergency Incident Response Team Coordination Centre (HKCERT) published a blog "Watch out for Phishing Attacks Using False Information on Infectious Disease" in early February on phishing email cases targeting Web users in Japan. The email tricks the victims to download a PDF, DOC or MP4 file which is actually a malware or a trojan. Nevertheless, we noticed that similar kinds of phishing attacks have begun to spread around the world.

 

Currently, hackers often send messages, emails and establish fake websites to attack Web users, pretending to be official institutions or medical suppliers. The purposes of these attacks are to steal personal data, spread malware and conduct money fraud. The followings are some of the techniques we have observed:

 

  • Steal Personal Data
    1. Send SMS scams about free mask giveaways or delivery delays to trick victims into giving out their personal information [1];
  • Spread Malware
    1. Masquerade as international bodies, such as the World Health Organization or government agency, to send malicious emails about latest regional news of COVID-19 or health advices [2];
    2. Pretend insurance companies and send fake invoices with hyperlink of COVID-19 themed insurance plan. The hyperlink will redirect the users to download malware [3];
    3. Disguise as a real-time COVID-19 map website to infect victims with a password stealing malware [4];
    4. Put a malicious COVID-19 tracker App on mobile phone App store, which will install a ransomware [5]; and
    5. Sell malware or cyber attack services at discounted prices in Dark web. Yet, the malware itself may be used to infect the buyer’s PC [5].
  • Conduct Money Fraud
    1. Register domains with the word “covid-19” or “coronavirus” and set up a fake website for selling hygiene supplies [6];
    2. Send phishing emails and ask for donation (i.e. in bitcoin) to help fighting the virus [7]; and
    3. Inject COVID-19 related terms into legitimate comments left on web forum. These terms link to a dubious drug-selling websites [8].

In addition to the above-observed attack tactics, other cyber attacks in the name of COVID-19 may continue and evolve in many ways. HKCERT reminds everyone to stay alert.

 

  • For Work From Home arrangement, businesses owners should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication;
  • Keep all the system software up-to-date;
  • Beware of emails asking for sensitive data (e.g. account passwords or bank account information);
  • Do not install mobile Apps from unknown sources;
  • Use well-known and secure Wi-Fi network only;
  • Use trusted websites for up-to-date, fact-based information about COVID-19 (e.g. HKSAR Government’s “Together, We Fight the Virus!” website: https://www.coronavirus.gov.hk/eng/index.html).

 

For more security advices, you can refer to our security blog "Watch out for Phishing Attacks Using False Information on Infectious Disease", https://www.hkcert.org/my_url/en/blog/20020401.

 

If you find similar phishing attacks, please report them to HKCERT via its 24-hour hotline +852 8105 6060 or email: [email protected].

 

References:

  1. https://www.zdnet.com/article/south-korea-sees-rise-in-smishing-with-coronavirus-misinformation/#ftag=RSSbaffb68
  2. https://nakedsecurity.sophos.com/2020/03/05/coronavirus-warning-spreads-computer-virus/
  3. https://isc.sans.edu/diary/rss/25892
  4. https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/
  5. https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html
  6. https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/
  7. https://www.bbc.com/news/technology-51838468
  8. https://www.imperva.com/blog/concern-over-coronavirus-leading-to-global-spread-of-fake-pharmacy-spam/