Avoid Coronavirus Phishing Emails [Updated 5/23/20]

The coronavirus can be a little scary. But its important to keep informed by trusted sources. But nervous times is also a time for scammers and black hat hackers.

The Danger
#1) DO NOT download coronavirus mapping software. Black hat hackers have created programs that are advertised as virus maps. Use the World Health Organization or the John Hopkins online map. Its accurate and no download required.

#2) There is a new type of phishing happening, it uses the coronavirus scare to get you to click on the link or document in the email. It's very important not to click or open anything within the email. It will contain malware, remote access tools, or ransomware.

Here are some dangerous site examples to look for:
  • coronavirusstatus[.]space
  • coronavirus-map[.]com
  • blogcoronacl.canalcero[.]digital
  • coronavirus[.]zone
  • coronavirus-realtime[.]com
  • coronavirus[.]app
  • bgvfr.coronavirusaware[.]xyz
  • coronavirusaware[.]xyz
  • corona-virus[.]healthcare
  • survivecoronavirus[.]org
  • vaccine-coronavirus[.]com
  • coronavirus[.]cc
  • bestcoronavirusprotect[.]tk
  • coronavirusupdate[.]tk

The following are some examples of what you could see. DO NOT CLICK on links or attachments within the email.

A new type of phishing email warning the recipients that they have been exposed to the Coronavirus through personal contact with a "colleague/friend/family member" and directing them to download a malicious attachment and proceed immediately to the hospital.

This email is simple, succinct, and alarming. Moreover, it spoofs a hospital, lending additional credibility to this particular social engineering scheme, which is clearly designed to elicit a panicked response from readers and override any form of rational, measured thought.

The attached Excel file is billed as a "pre-filled" form that victims should bring with them to the hospital. In fact, that form is a malicious, macro-laden Office document that is at the time of this report detected by only a handful of major anti-virus applications. This malware’s capabilities are incredibly sophisticated and dangerous.

Danger #4
New Malicious Excel file with Remote Access Tool [5/23/20]
The emails purport to come from Johns Hopkins Center bearing "WHO COVID-19 SITUATION REPORT". The Excel files open w/ security warning & show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads & runs NetSupport Manager remote access tool.

NetSupport Manager is an official program. But it can also be used to get past your computer's antivirus software. It's used to remotely control your computer, extract files, and place files onto your computer.

What to do
1.) Close the email, report it to your office's IT department, and delete the email. If your at home, mark it as spam [or phishing if you have the option], and delete it.

In legit looking emails, try hovering your mouse over the link without clicking. This will reveal the full address, which can expose signs of fraud. A “.ru” on the end, for example, means the site was created in Russia; “.br” means Brazil.

If the link in the email doesn't match the actual URL when hovering over it, DO NOT click on the link.

Note: Most PC email software will have the actual URL shown in a popup box or at the bottom corner.

Misspellings in URLs are another good tip-off to a fake website. If the URL says corronaviruss.com, it's best to avoid it. And if you get an email advertising a great deal on masks or hand sanitizer at a major retailer, open a window in your browser, search for the retailer’s web address, and compare it with the one in your email.

2.) If you are not sure about a document, let your office's IT department know so they can scan the document for malicious code. If your at home, you can use VirusTotal.

VirusTotal is an online document analyzer that scans for malicious code. If its malicious, the site will inform you on what to do, and it'll update its database for others.

3.) DO NOT download coronavirus mapping software. The World Health Organization has a map, no download required.

Here's the official John Hopkins Map:

4.) Another important tool to use is a browser extension called HTTPS-Everywhere. This will force all websites to use the available secure site. A lot of phishing sites use HTTP only, which isn't secure and can easily be monitored. HTTPS everywhere will block the non-secure site.

[Make sure the 'encrypt all' is selected]

5.) The best way to stay safe, is to stay informed with trusted sources. I stay calm and use the CDC and the World Health Organization website for my information.

EPA list of COVID-19 Disinfectants

Think like a hacker
What is your realistic threat model with this virus?
For healthy young people, it's being a carrier of the virus to others. For people who are pregnant, babies, elderly, and weak immune systems. It's more of a threat, which could be fatal if not seeking medical attention. So let's be aware before coming in contact with the possibility effected individuals.

Its best to stay calm, stay informed, use common sense, and share helpful knowledge with others.

Wipe down commonly used equipment (ie coffee maker, smartphone, tablet), wash your hands/forearms with soap a few times a day. And the only thing panic buying out stores will do, is take away resources from people who need those products. So let's think of others, use common sense, listen to doctors and medical professionals.

To Sum Up Everything

For a FAQ from a medical doctor, watch this great video.

Here's a great article that breaks the situation to kids. Because kids get scared, when adults are scared.

Get the modded Calm app to help with your anxiety and stress.

And thank you to all the medical professionals for everything you do, especially within this pandemic.

Popular posts from this blog

Modded Spotify - Premium & Different Colors!

Tutorial: Free Unlimited Hotspot Tutorial

Modded Security Master