This post was written by Brian Rae, director of IT/security at Right Networks
As if the trial of being shut in at home and worrying about friends and family weren’t enough, all sorts of bad actors are trying to use email scams to capitalize on confusion and fear around the coronavirus panic.
In a time when updates are coming at an alarmingly rapid pace, some of these scam messages are likely to look surprisingly real. A well-meaning user might even click on a link in one, unleashing malware through the system of a small business or firm that’s having enough trouble just staying afloat as the world shuts down.
Fortunately, cloud solutions from Right Networks can shut down malware before it starts to do damage and get systems up and running in minutes with no business disruption. But what are crooks using as phishing bait during a global pandemic?
Right Networks took a look at examples from expert security sources such as KnowBe4, Bleeping Computer, HackRead, Sophos and Crowd Strike, along with reports from its own employees hitting the “Phish Alert Report” button in Microsoft Outlook.
Here’s a sampling of what’s going on, from the dangerous to the ponderous.
Tried and true email phishing attempts
Spoofs of authoritative sources of information continue to be among the most common malicious emails. According to Right Networks’ observation, the top three spoofed organizations remain the CDC (Centers for Disease Control),
the WHO (World Health Organization—not Roger Daltrey and Pete Townshend),
…and HR.
All of those emails lead to credential phishes. The HR email, however, takes a different approach, instructing recipients to download an attachment billed as an informational poster or flyer to be displayed on walls within the organization. The supposed poster or flyer is, in reality, just a standard credentials phish.
It’s also worth pointing out that the WHO email not only spoofs DocuSign but was delivered through SendGrid, a well-known email service provider widely used by many companies and organizations. This isn’t the first time a would-be data thief has executed an email via what is almost certainly a compromised SendGrid account. Indeed, malicious emails delivered through SendGrid are becoming more and more common.
That’s a worrisome trend given that SendGrid is likely whitelisted within many organizations, meaning emails delivered through the service to sail right through firewalls and email filtering services, and straight into users’ inboxes.
New and novel approaches to scam emails
The bad guys are always innovating, always trying new approaches and experimenting with new social engineering schemes. There are, in fact, some rather striking and even unusual attempts to trick users into clicking through to malicious content. Some of these newer social engineering schemes seem to work better than others.
Malicious actors are now using a coronavirus/COVID-19 dashboard—complete with a live map similar to the real thing at John Hopkins University—to lure users to sites that install malware of one sort or another. This particular email spoofs HHS (the U.S. Department of Health and Human Services) to dangle a link to a malicious map application in front of users desperate for the latest information on the spread of the virus.
Although governmental agencies and organizations are the most frequent targets for spoofing, private companies are also targets. In one malicious email, the bad guys spoof the well-known health insurance giant Cigna to hit users with a fake bill for “Coronavirus (COVID-19) insurance coverage.”
It’s hard to say whether this is a viable approach. There’s no way to know at this point. Despite the fact the many users will recognize the improbability of Cigna signing them up for insurance coverage against a pandemic without even bothering to ask, there could well plenty of freaked-out users who will immediately click that big blue button to find out just what is going on. Some may even find such (fake) news welcome and comforting.
Utterly bizarre email phishing attempts
Then there are the scams that are just plain weird. Take this spoof of Air Canada. The subject line alone (“How was your flight back to Canada with Coronavirus?”) is pure gold, as is the sender of the email (Coronavirus Flight). It’s hard to imagine this one working, but somebody is trying it.
This spectacular bit of would-be thievery is off the charts. The malicious actors behind this spoof either: a) have an unusually warped and evil sense of humor; b) have it in for the PR and marketing folks at Air Canada; or c) are just completely clueless and tone deaf. Or it could be all three!
Right Networks can stop phishing before it starts
In any case, phishing and email scams are a very real threat to small businesses and firms, especially in a time of crisis when users are likely to be a little less careful than they might otherwise be. Fortunately, Right Networks can minimize the threat of attacks by turning security over to its own experts, who can save small organizations from disaster.
As cloud provider, Right Networks can actually detect threats that antivirus and other security systems don’t yet recognize and neutralize those threats without causing any downtime for the business. Most users won’t even know anything has happened, but Right Networks can kill email phishing and other scams before they have a chance to do any appreciable damage to a firm or small business. So, even if a panicked user does click a malicious link, the whole episode very quickly becomes a total non-event thanks to Right Networks.
Moving accounting and business applications to the cloud enables small businesses and firms to protect profitability, minimize threats and ultimately stay in business. It’s especially critical in a time of crisis, and it can cost less than $2 per day. It’s the most effective way to provide stability in an atmosphere of constant change and growing threats.