A group of malicious individuals have reportedly been using the COVID-19 outbreak to profit from the unsuspecting public. They are capitalising on the fear and confusion that is being generated from this ongoing health scare. Ingenious methods are used by these people to coax sensitive information from their victims. They would have gone undetected had it not been for security researchers from Trustwave.

There were two reputable bodies identified which were used by the scammers to gain the trust of their prey scams though others could also have been employed.

The first was the Centers of Disease Control (CDC) and Prevention of the United States. This is under the Department of Health and Human Services and among the country’s top public health institutes.

Also utilised was the World Health Organisation. It is an agency under the United Nations which deals with international health concerns.

Both are trusted and credible bodies whose reputable names were surreptitiously exploited to cause harm to others. The fraudsters sent emails in the guise of legitimate health news about the virus. Those who read it however were manipulated into downloading malware onto their computers. There were also reports of login credentials being obtained from the ruse.

It works like this.

From the email, the reader is directed to click on a link. This link will supposedly give information on new Coronavirus cases near the potential victim’s location. Upon clicking, a bogus Microsoft Outlook web page will appear prompting the user to input their login details. Doing so would purportedly allow them to go further and see the desired data. It is however only an often used ploy, to extract personal details from unsuspecting users.

To avoid being scammed:

• Always check that the URL matches what the original website should normally have
• Immediately change your password if you already gave your login credentials
• Install a multi-factor authentication system when able
• Peerkey offers a range of solutions to defeat social engineering attacks before damage can occur.