US Secret Service warns that coronavirus email scams are on the rise

Companies throughout the country trying to keep employees informed about coronavirus are facing another threat in the form of a flood of malicious emails, authorities say.

In a U.S. Secret Service alert sent this week to law enforcement and banking officials, the U.S. Secret Service warns corporate America about fraudulent emails that contain malicious attachments.

“During the coronavirus outbreak, many companies and organizations have sent emails containing COVID-19 updates to their customers to make them aware of their current response and status. As these types of emails have now become increasingly frequent, criminals have started to use this familiarity to their advantage,” the alert, obtained by CNBC, said.

The agency said in the alert that it is investigating attempted attacks in which the malicious email attachments would allow the attackers to remotely install malware on the infected system to “potentially harvest credentials, install keyloggers or lock down the system with ransomware.”

The email attachment is usually a Microsoft Office or WordPad File, the alert said.

“However, it is always possible that different variations exist, or the attack vectors will evolve. Corporations should be aware they are being targeted, with the attackers potentially posing as a vendor, member of the supply chain, or other familiar entities that would not seem out of place,” the alert said.

Another version of this attack, the alert said, is an email supposedly from the U.S. Dept. of Health and Human Services that targets potential supplier companies by requesting they provide any medical protective equipment from a price list with the attachment containing malware. In most instances, “the email signature blocks used the identity of a legitimate employee. Keep in mind that typically, legitimate COVID-19 response emails have a message only in the body of the email and do not contain attachments.”

These attacks are the latest in a flood of coronavirus-related scams, according to authorities and consumer watchdogs.

This text message is actually scam, according to Akamai.

Source: Akamai

For example, researchers at Akamai, which monitors and builds website defenses for companies, said on Thursday that they uncovered phishing attacks that start with a text message that is supposedly related to COVID-19 news, government updates or health-related products and services.

But “once the victim clicks the link, they’re directed to a domain and forwarded to another spoofing one of several well-known brands. Some of the brands being abused to target potential victims include Microsoft, Orange France and eBay,” according to a post on Akamai’s website.

A fake website used to harvest credentials in a cyberattack related to Covid-19.

Source: Akamai

Akamai researchers said criminals gain trust by pretending to be an insurance company, bank or trusted brand, hoping that victims open emails with malicious links that access sensitive personal information.

This attachment was found in malicious emails pretending to be from the CEO. If the link was clicked on, employees were directed to a Microsoft page that looked real and eventually asked to enter their username and password, which was stolen.

Source: Menlo Security

And Menlo Security, a Palo Alto-based cybersecurity company, said a recent attack stole login credentials by pretending to be an email from the CEO communicating critical COVID-19 information. The senders, who targeted key employees from the executive and finance teams at hundreds of companies, created personalized emails and copies the header, footer and general e-mail layout. Inside the body of the email was an attachment which contained a shortened URL. If employees clicked on the link, they were directed to a Microsoft login page that looked real, but was stealing their username and password.

This is a fake Microsoft page used to steal credentials.

Source: Menlo Security

Menlo Security found that between Feb. 25 and March 25, a 32 times increase in the number of daily successful attacks, including a surge on March 11, the day the World Health Organization declared COVID-19 a pandemic.

Please email tips to investigations@cnbc.com.

Leave a Reply

Back to top