BEWARE of COVID-19 based Phishing and Malware Scams

Recently, malicious cyber threat actors have been leveraging the current news cycle to launch Coronavirus themed cyberattacks at their targets. Prominent news reporting and the resulting elevated concern for the Coronavirus issue is being used as context for a malicious email phishing campaign. The phishing emails contain links to malware that is frequently used to target healthcare organizations and their IT systems.

Attempting to exploit human greed, fear, and curiosity are common tactics among phishing campaigns – malicious e-mails deliberately crafted to entice the recipient to click a link or open an attachment in the e-mail which, while appearing helpful, compelling, or interesting, actually contains malicious code. Victims who interact with malicious links or attachments may expose their systems, networks, and valuable information. These exposures allow an attacker to use infected systems as a platform to launch additional attacks. The new Coronavirus themed phishing campaign is attempting to capitalize on concerns about the Coronavirus, a respiratory illness currently in the news and frequently making headlines. Researchers are reporting that these Coronavirus themed phishing emails contain links and downloads for the Emotet malware. At least one campaign has been identified as attempting to impersonate the Centers for Disease Control and target Americans and other English-speaking victims.

The HSC Information Security Office asks the HSC community to remain vigilant against phishing and malware scams whether through email or social engineering attempts over the phone. Remember to:

  • not click on links or attachments from unknown or unexpected senders.
  • confirm unusual requests using a secondary contact methods.
  • report questionable messages to the mailbox.
  • immediately contact the HSC Helpdesk( ot HSC Information Security ( if you feel your account has been compromised.

HSC Information Security