Cyber scams linked to COVID-19 rising, says Sophoslabs

2 min read

There are increasing cases of coronavirus-associated scams in domain names, spam, phishing attacks and malware attacks, according to SophosLabs.

The cybersecurity firm made this discovery while tracking threats in the use of COVID-19.

The live report from SophosLabs Uncut showed that the volume of COVID-19 email scams had nearly tripled in the past week.

Findings indicated that the attackers were also increasingly impersonating the World Health Organisation, Africa Centres for Disease Control and Prevention, North America and the United Nations, as seen in scams tracked by SophosLabs.

Speaking on the development, Sophos Principal Research Scientist, Chester Wisniewski, noted that the cybercriminals that initiated a herbal Viagra scam had introduced a similar one using chloroquine.

According to him, attackers are using trending coronavirus news to lure their victims.

“Cybercriminals are wasting no time in shifting their dirty, tried and true attack campaigns toward advantageous lures that prey on mounting virus fears. It’s easy to see, for example, that the attackers behind a new chloroquine scam are the same as those behind a recent herbal Viagra scam,” Wisniewski said.

He added, “Similar to the A/B testing of advertisements and web pages, criminals often dip a toe in the water when there is a new or sensational topic in the news. If the new topic proves a more effective lure than the previous scam bait, they begin switching to new lures.”

The research scientist cited the example of attacks by cybercriminals using fake shipping documents and delivery emails.

He said, “In fact, in one of the spam campaigns we tracked this week, there was evidence of exactly that. These particular criminals had been using fake shipping and delivery emails to convince unsuspecting victims into opening attachments and infecting their computers with the Kryptik Trojan.

“Now, the main body of the email pretends to come from with ‘health advice’ in the attachment, but when we carefully inspect the plain text body, we see it matches a previous spam campaign from this same criminal using a lure pretending to be about invoices and deliveries.”

Wisniewski explained that the cybercriminals were either asking potential victims of download an attachment, click on a link, visit a website or donate cryptocurrency.

He said, “The increases we are seeing are likely due to two important factors. First, as time passes, more and more criminal groups are joining the party on using all this interest in COVID-19 to steal money from people. Secondly, it takes time. Any given criminal group has to ‘craft’ the spams to convince the recipient to take an action. In the research community, we call this the call to action.

 “The call to action might be to open the attachment, visit the website or, in the case of the WHO Bitcoin scam, to donate cryptocurrencies to criminal-controlled Bitcoin wallets. Crafting these messages takes time, especially for those who are not native English speakers.”

He explained that the comment made by the United States President, Donald Trump, on the efficacy of chloroquine for the treatment of coronavirus had led to a rise in spam emails on pitching the drug to people.

“A few days ago President Donald Trump mentioned the possible efficacy of a drug called chloroquine against coronavirus immediately leading to WordPress blog comment spammers switching from pitching herbal Viagra to instead attempting to sell you chloroquine, which can be quite dangerous when not taken under the supervision of a doctor.

“And within only two days of the WHO creating a charity called the Solidarity Response Fund, criminals were soliciting Bitcoin donations pretending to be the charity, even implying your donation is fully tax-deductible in the US or Europe,” he 

* The email will not be published on the website.