Criminals are exploiting the public’s fears about the coronavirus to try to break into their email, social media, and banking accounts, cybersecurity experts have warned.
Hackers are sending emails purporting to provide information about the coronavirus but are designed to trick people into handing over their passwords, experts at the leading cyber threat intelligence firm FireEye said Thursday. Some even contain malware that could take over a victim’s computer.
“We’ve seen financially motivated actors using coronavirus themed phishing in many campaigns, with dramatic month-over-month volume increases from January through to today,” FireEye said in a brief prepared for media and shared with CNN Business.
Ben Read, senior manager, cyber espionage analysis at FireEye, explained that hackers regularly exploit crises and other news events that people might be concerned about in attacks. “It’s the same tactic with a different coat of paint,” he said.
But rarely does an event garner so much shared global interest and concern as the coronavirus, he said. As a result hackers have particularly focused on the pandemic. Email has been an important mode of communication, with service providers, government offices and schools using it to share information about safety measures, closures and other changes. Hackers, in turn, may try to mimic those messages, Read said.
FireEye provided details of what it said was a malicious email that had the subject line “D-19 Everything you need to know.”
The email contained a malicious link to a coronavirus FAQ document.
He advised people to take the same standard steps they should always take like exercising caution before clicking on links in emails and to be wary of any emails or messages that you aren’t expecting.
“If you get an email that looks like it is from the WHO (World Health Organization) and you don’t normally get emails from the WHO, you should be cautious,” Read said.