A new Corona Virus phishing scheme is taking the Western world by storm. Especially in the United States, but also in the UK and Western Europe or parts of Asia, hackers are using the Corona Virus scare for their own purposes. By baiting users into clicking malicious links, they steal credentials or deliver dangerous payloads of the latest malware and ransomware strains.

It’s not a complete novelty strategy-wise, considering how phishing attacks work in general. Something that tends to alert people to the gravity and urgency of the communication will always get exploited as bait. That’s why we have phishing schemes trying to impersonate government or judicial authorities, or police departments and so on.

This time, it’s the health scare regarding the Corona Virus potentially spreading from China’s Wuhan region. The Corona Virus phishing scheme is worth mentioning not just because a lot of users can be targets of it, due to the notoriety of the virus, but also because the risks involve some pretty high-profile payloads in addition to the stolen credentials.

How the Main Corona Virus Phishing Schemes Work

Phishing campaigns exploiting the Corona Virus began to spring up especially after the World Health Organization (WHO) declared it an international emergency in a statement released at the end of January.

#1. Fake CDC Alerts

In one such phishing campaign, first spotted by KnowBe4 and further reported by Bleeping Computer, the attackers bait the victims with a list of active infections in their surroundings. In order to access the list and see if there are any outbreaks of the virus in your vicinity, you need to click a link that redirects you to a credential-stealing page.

This Corona Virus phishing email imitates the ones sent by the CDC Health Alert Network. The logo and everything else inside looks consistent with the authority allegedly sending out this warning. The targets are invited to join the coordinated effort to keep the virus at bay.

The malicious link first seems to go to the official CDC portal but then gets rerouted towards a malicious domain used for credential phishing. That means that victims are prompted to enter their Outlook login details, which then get stolen and used for malicious purposes.

Screenshot: Corona Virus phishing email (image source: Bleeping Computer).

It’s remarkable that this phishing email seems very well put together, imitating the style and feel of the official CDC alerts.

#2. Advice Emails from Fake Wuhan Medical Authorities

Another popular Corona Virus phishing campaign which also targets US and UK users is impersonating Wuhan medical specialists and claims to distribute advice for dealing with the virus. Besides listing a few common symptoms of the disease, the emails offer up an attachment with allegedly important medical advice.

Initially spotted by Mimecast, the Corona Virus phishing campaign tries to take advantage of the panic wave created by the virus. The email recipients are prompted to download the attachment with the note ‘This little measure can save you’.

Screenshot: Corona Virus phishing campaign email (image source: Bleeping Computer).

If victims download the malicious PDF attachment, they also risk infecting their computer with a malware payload.

#3. Emotet payloads

Other Corona Virus phishing campaigns seem to have been launched by Emotet, especially in the Japan area. The mechanism of that campaign is similar: victims are tricked into clicking a malicious link in order to find out more about mandatory regulations for protection against the Corona Virus, but instead, the Emotet payload is delivered as soon as they click the link. The banking Trojan is notoriously stealthy and difficult to remove once it enters your system.

Emotet is surely just one of the more notorious malware strains to jump on the Corona Virus phishing bandwagon. Other malware and ransomware gangs will probably try to use genuine public fear regarding this outbreak to their advantage. Stay vigilant and don’t believe every email you receive, no matter how legit it looks.

How to Stay Safe from the Corona Virus Phishing Schemes

It doesn’t take a lot to stay safe from phishing schemes in general, but this one may be a little trickier.

Good cybersecurity habits help too, of course, so make sure you:

  • Always inspect a link (by hovering the mouse pointer over it) to see where it really leads, especially if you received it in an out-of-the-ordinary email message or direct message;
  • Never enter your account credentials when you are redirected to a page for downloading a file or whatever pretext the email message used;
  • Remember that even email addresses which come from seemingly legitimate domains may not be what they seem – it’s still very easy for hackers to spoof their email address into something trustworthy;
  • Be wary of any communication that tries to make you act on impulse, by rousing strong emotions of alert, fear of missing out (you won a prize but you need to claim it now, etc.), panic and so on.

In addition to this general advice, you need to protect yourself from the malicious payloads that some of the emails in the Corona Virus phishing campaign carry.

One must-do is to keep your software up to date and apply patches as soon as they are released. Unpatched software and apps can create security loopholes you can get infected through. There are automatic tools to help with this (such as our Heimdal Free).

Another important defense is to have an extra security layer on top of your Antivirus. Contemporary threats are getting more and more sophisticated and simple reactive software can’t stand up to them anymore. That’s why Antivirus is not enough.

To be properly protected even in the bad scenario where you click a malicious link that wants to deliver a payload in your system, you need a DNS traffic filter.

If you don’t already use one, you can try out our Heimdal™ Premium Security Home (containing an Antivirus, a DNS traffic filter and an automatic software updater) for a month.


Final Thoughts

Remember: the era in which you could easily spot a phishing email just by its bad grammar and laughable pretensions is fading. Malware actors are working more and more as organizations of highly professional individuals.

You need to learn to pay attention to the finer details, such as inspecting links to see where they really lead to. Also watch out for any communications which try to convey a sense of urgency, encouraging you to act now (enter credentials or call, etc.).

Even if the claim is legitimate, there’s no need to be impulsive. Check, double-check and think it through. That way malicious campaigns such as the Corona Virus phishing scheme will not fool you into any trouble. Stay safe!

