The Symptoms of Infection: The Coronavirus Phishing Scam



Switch on the TV or open social media and you cannot help but be drawn into the unfolding Coronavirus drama. Like a Zombie plague, the news outlets are spreading the word far and fast about this novel virus. And of course, cybercriminals, who love a major event, are cashing in on the ‘viral’ opportunities the Coronavirus presents for phishing.

This week’s Breaking Scam post, just like its real-life virus namesake, has not yet caused infection chaos in the British Isles, but it may do at some point. The tradition of The Defence Works and security awareness is that forewarned is forearmed; so, here is the latest on the Coronavirus phishing scam.


The Coronavirus Scam Details

The Defence Works often writes about how big events are used as bait in phishing emails and mobile scam messages (SMShing). The Coronavirus is one such major event. It has us all talking about it, so it is very much on people’s minds. The virus is unknown and novel, and therefore understandably causes concern. This is the perfect breeding ground for a phishing campaign that is likely to achieve high click-through rates, driven by fear and anxiety.

At the time of writing, the phishing campaigns that are piggybacking off the infection are mainly seen in the USA.

There are a few variants of Coronavirus phishing – the cybercriminals using ‘mutations’ to increase their infection rate.


The Coronavirus Phishing Email Attachment Scam

Security vendor Sophos has identified a Coronavirus phishing email and analysed the method used by the cybercriminals behind the scam.

The email is branded as if from the World Health Organisation (WHO). The email alerts the recipient to a PDF which will let them know about safety measures to prevent the spread of the virus.  

There is a big download button, just in case you didn’t know how to access the PDF.

On clicking this button, you are taken to a website that looks just like the real WHO website. It is, in fact, the real WHO website, embedded in a frame on the spoof site. Overlaid on top of it is a login dialog asking for your email address and a password.

If you enter an email address and password, they will be stolen by the cybercriminals behind the scam and used to log in to other accounts you own. The ultimate goal is to steal your personal data and/or any financial information the fraudsters can get hold of.
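The spoof described above depends on the genuine site allowing another origin to embed it in a frame. As an added example (not from the original post or from Sophos), this sketch shows how a site owner could check whether their own response headers would let a browser frame the page from a foreign origin, using the standard `X-Frame-Options` and CSP `frame-ancestors` headers. The origins and header sets are constructed placeholders, and source matching is simplified (no ports or paths).

```javascript
// Added example: decide whether a browser would let `framingOrigin` embed a page
// served from `pageOrigin` with the given response headers.
function sourceMatches(src, framer, self) {
  const s = src.toLowerCase();
  if (s === "*") return true;
  if (s === "'none'") return false;
  if (s === "'self'") return framer.origin === self.origin;
  if (s.endsWith(":")) return framer.protocol === s;            // scheme source, e.g. "https:"
  const m = s.match(/^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)$/); // host source, optional "*."
  if (!m) return false;                                          // unsupported form: no match
  if (m[1] && framer.protocol !== m[1] + ":") return false;
  return m[2] ? framer.hostname.endsWith("." + m[3]) : framer.hostname === m[3];
}

function canBeFramedBy(headers, pageOrigin, framingOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const framer = new URL(framingOrigin), self = new URL(pageOrigin);
  // Collect the frame-ancestors directive from each comma-separated policy.
  const policies = (h["content-security-policy"] || "").split(",")
    .map(p => p.split(";").map(d => d.trim().split(/\s+/))
      .find(d => d[0].toLowerCase() === "frame-ancestors"))
    .filter(Boolean);
  if (policies.length > 0) {
    // Every policy must allow the framer; X-Frame-Options is ignored in this case.
    return policies.every(d => d.slice(1).some(src => sourceMatches(src, framer, self)));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return framer.origin === self.origin;
  return true; // no anti-framing header; obsolete ALLOW-FROM is treated as absent
}

// Constructed sample header sets for a hypothetical site and a hypothetical foreign origin.
const PAGE = "https://health-agency.example";
const FOREIGN = "https://lookalike.example";
const SAMPLES = [
  {},
  { "X-Frame-Options": "SAMEORIGIN" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
];
for (const headers of SAMPLES) {
  console.log(JSON.stringify(headers), "frameable by foreign origin:",
    canBeFramedBy(headers, PAGE, FOREIGN));
}
```

A `true` result for a foreign origin means the page can be displayed inside someone else's site with content layered over it.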


The Centers for Disease Control and Prevention (CDC) Coronavirus Scam

Again, this scam is based on a phishing email and is similar to the WHO scam email. Kaspersky identified the scam. This time, the email is branded to look like it is from the U.S. infection control organisation, the CDC. A link in the email takes you to a spoof of a Microsoft Outlook login page. And, just like the WHO scam, if you enter your email address and password, they will be stolen by the scammer and used to log in to your email and/or other accounts.


The Coronavirus scams described here are, so far, targeting U.S. consumers. However, it is only a matter of time before the fraudsters cast their net wider and send out phishing campaigns further afield. These campaigns will likely be country-specific, perhaps still using the WHO template, or maybe an NHS spoof phishing email will arrive in your inbox.

To avoid Coronavirus scams and any other phishing email scam:

  1. Be aware of the types of tricks that are used by fraudsters to make you believe the emails are legitimate
  2. Avoid clicking on links in emails
  3. If in doubt, navigate directly to the original website in question and log in directly
  4. Never give out any personal details from an email link or via an email attachment unless you are 110% sure of its legitimacy


Why not help your colleagues stay safe and send them this little reminder? Feel free to edit or copy/paste the advice below:

The Coronavirus Phishing Scam

Fraudsters are jumping on the Coronavirus bandwagon and using the threat of disease to send out phishing campaigns. To date, these have focused on the U.S. However, they may begin to target UK users. Beware of any emails that look like they are about the coronavirus and how to prevent the spread of the disease. They usually have links in them to download or access a document about preventative measures to avoid infection.


For more information on what to do if you receive a phishing email, check out “What to Do if You Click on a Phishing Link?”


Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keep breaking scams!