17.03.2020 Don’t click: Coronavirus phishing scams on the rise

by Field Effect

Use Covalence and follow these tips to stay secure


As the coronavirus continues to make its impact across the world, it can be challenging to stay cool-headed.

Health and safety have never been more critical. At the same time, cyber criminals are finding new ways to exploit COVID-19 fears and take advantage of anxious workforces.

At Field Effect, safety and security are central to our culture and mission. Our team is committed to ensuring our employees, customers, channel partners, and business associates remain safe and secure. And yes, with a bit more peace of mind.

So, let’s take a look at the factors driving new cyber crime around COVID-19, the tactics emerging, and tips for avoiding these scams.

More remote workers, connections, and devices

More businesses and organizations are enabling employees to work remotely to avoid spreading the virus. While this enables business to continue, it also presents new security challenges.

For example, companies may be in various stages of enabling flexible work. Small businesses that rely on distributed, virtual teams to move their operations forward may already have secure remote access capabilities (e.g. hardened VPN access) and firewalls in place, while others may simply not have the tools or security measures ready to support virtual work on a wider scale.

Yet enabling safe remote access requires proper security controls. IT teams and service providers need to diligently monitor remote access system behaviors, communicate best practices, and apply fundamental security measures (threat monitoring and detection, advanced and updated endpoint and network protection, password policies, VPNs, and DNS firewalls) to ensure connections to the network and web browsing from remote workers stay private and secure.

As a reminder, our Covalence threat monitoring and detection platform can detect Remote Desktop Protocol (RDP) activity from external sources into user networks. Covalence will also generate alerts when network connections from common Remote Administration Tools (RATs) happen, and detect when anomalous logins occur on cloud-based solutions (e.g. G Suite, Office 365).

Health advice or dangerous malware?

New COVID-19 email and web scams are also playing on uncertainty and fears. Attackers are disguising emails as health and safety updates from authorities or, even more dangerous, as urgent alerts with mandated actions and requests, claiming to be organization representatives and asking the victim to click a link, open an attachment, or provide sensitive information such as usernames or passwords.

Attackers are also serving up fake COVID-19 websites; one was disguised as a coronavirus map of worldwide infections. Once you click on the site, you’re directed to open an applet that infects your device with AZORult, a credential- and data-stealing malware.

Here are just two examples:

  • Phishing scams purporting to come from the World Health Organization, pretending to offer coronavirus information and encouraging recipients to view an attached file. Don’t click: this distributes GuLoader malware that installs an information-stealing trojan (FormBook).
  • Phishing emails sent to Italian email addresses, offering an attached Word document with advice on preventing infection. However, the document contains a Visual Basic script that downloads and executes a variant of the Trickbot banking trojan.

Don’t click, follow these tips

Learning to recognize signs of phishing can be tricky. Urgent requests for action or information, typos and misspellings, and unfamiliar email addresses are all signs. Stay calm and when in doubt, don’t click! Additionally, avoid downloading and installing any software/apps specifically related to coronavirus (or any current news cycle topic).
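The signs described above (a sender address that does not match the organization named, urgent or mandated action, requests for usernames or passwords, an attached file) can be checked mechanically as a first-pass mail triage. The following Python is an added example, not Field Effect or CISA tooling; the sender allow-list, keyword patterns, extension list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, illustrative values: display-name keyword -> domain the real sender uses.
KNOWN_SENDERS = {"world health organization": "who.int", "cisa": "cisa.gov"}
URGENT = re.compile(r"\b(urgent|immediately|mandatory|action required)\b", re.I)
CREDS = re.compile(r"\b(password|username|log ?in|verify your account)\b", re.I)
RISKY_EXT = (".doc", ".docm", ".xls", ".xlsm", ".js", ".vbs", ".exe", ".iso")

def triage(raw: str) -> list[str]:
    """Return the phishing indicators found in one RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for org, good in KNOWN_SENDERS.items():
        if org in name.lower() and not (domain == good or domain.endswith("." + good)):
            findings.append(f"display name claims '{org}' but domain is {domain}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    if URGENT.search(text):
        findings.append("urgent or mandated action language")
    if CREDS.search(text):
        findings.append("asks for credentials")
    for part in msg.iter_attachments():
        fn = (part.get_filename() or "").lower()
        if fn.endswith(RISKY_EXT):
            findings.append(f"risky attachment type: {fn}")
    return findings

def constructed_sample() -> str:
    """Constructed lure modelled on the WHO-themed emails described in this post."""
    m = EmailMessage()
    m["From"] = '"World Health Organization" <safety@who-int.example>'
    m["Reply-To"] = "desk@mailbox.example"
    m["Subject"] = "URGENT: Coronavirus safety measures"
    m.set_content("Open the attached file immediately and confirm your password.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="msword", filename="advice.doc")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(constructed_sample()):
        print(finding)
```

A message with no findings is not proven safe; the output is a prioritization aid for whoever reviews reported mail.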

The Cybersecurity and Infrastructure Security Agency (CISA), the risk advisor in the U.S., just issued a warning about the coronavirus email scams.

Here are tips from CISA with precautions to take:

At Field Effect, we offer customized phishing exercises, as well as cyber range training, to keep teams skilled at recognizing the tricks. Through our Suspicious Email Analysis service, we also provide expert-level analysis of email content, metadata, and attachments, all with actionable steps to take.

When in doubt, never click. Always report anything suspicious to your IT team, IT service provider, or our team here at Field Effect.

Remember to stay calm

While calm may not always be the order of the day, our Field Effect team is available to answer any security questions and provide support. Reach out to us at [email protected].

You can stay informed on the latest COVID-19 developments by visiting the websites below:

Stay healthy, safe, and secure!

