The new coronavirus has been a bonanza for scammers and spies, who are exploiting the global thirst for information about the outbreak to make money and steal information, government officials and cybersecurity experts say.
Criminal hackers, scammers and even governments have been sending fake coronavirus-themed emails designed to trick people into opening attachments that download malicious software, allowing access to their data, experts told NBC News. Some messages have impersonated the World Health Organization and the Centers for Disease Control and Prevention, while others have masqueraded as communications from health authorities in other countries, including Ukraine, Vietnam and Italy.
The FBI is tracking so-called phishing campaigns that seek to use people’s interest in the coronavirus to get them to click on links that encourage them to reveal sensitive login information, a top FBI official said.
“One of the things that’s most concerning to us are phishing scams with a coronavirus theme,” said Herb Stapleton, a section chief in the FBI’s cyber criminal section. “This is a vector or an approach that we didn’t see three months ago and now is suddenly successful.”
People can report bogus emails to the FBI by going to www.ic3.gov, Stapleton said.
Sophos, a global security company, provided NBC News with examples of the phishing scams, including one offering information purported to be from the World Health Organization.
The coronavirus phishing scam, which has been around since early February, has targeted users around the world. Police departments from Australia to the U.K. have issued warnings to be on the lookout for it.
The WHO also issued its own guidance making it clear that it would never “ask you to login to view safety information.”
A newer and lesser-known scam has recently been uncovered by Sophos: emails purporting to be from CDC doctors and U.N. officials that encourage users to download malicious files.
“A must read,” says one bogus email purported to be from a CDC doctor, which the company showed to NBC News. “Find in the attached everything you need to know about the spreading and management of the deadly Wuhan Coronavirus…”
If a person clicks on one of the attachments promising guidance on how to “help prevent the coronavirus,” malware will be downloaded onto the unsuspecting user’s device. One malware package, called “Trickbot,” typically tries to steal banking credentials, and the other, named “Fareit,” which can log a person’s keystrokes, typically tries to steal any and all login credentials.
“In volume, the malicious ones are a fraction of the total number of things trying to take advantage of the coronavirus, but obviously they are the ones we worry about the most because they are the ones that cause harm,” said Chester Wisniewski, a research scientist with Sophos.
Cybercriminals “recognize that when there is a crisis, people are hungry for information — they are looking for whatever is new,” said Shawn Henry, who once headed the FBI’s cyber division and now works for a security firm, CrowdStrike.
“When people are hungry for information, they are vulnerable, because they’ve got their guard down.”
CrowdStrike and other leading cybersecurity firms say the coronavirus has become the top new theme in schemes that use social engineering to induce recipients to open attachments or click on links that then open their computer files to attackers.
“This is dominating cybersecurity right now,” said Jim Yacone, a former senior FBI official now at the SANS Institute, a cybersecurity research and education organization.
It’s not just criminals — spy agencies appear to be using the technique, as well, experts say.
Security firm FireEye documented a China-based effort to extract information from Vietnamese government officials, as well as multiple campaigns targeting Ukrainian officials.
The U.S. Secret Service said in a statement warning the public: “Coronavirus is a prime opportunity for enterprising criminals because it plays on one of the basic human conditions … fear.”
“Fear can cause normally scrupulous individuals to let their guard down and fall victim” to scams, the statement added.
The scams go well beyond the U.S. The security firm Fortinet found an email written in Italian, posing as a message from an Italian health agency, that induced users to click on an attachment that looked like a Microsoft Office document.
In fact, the user was downloading Trickbot malware.
Other hackers are sending emails with what purports to be a secret cure for the coronavirus. When recipients click on the link, they are asked to enter their credentials, according to the security firm Proofpoint, which also found fake WHO emails.
Authorities in the U.K. are also warning about coronavirus-related email scams.
The FBI, the Secret Service and security firms urge people to:
- Avoid opening attachments and clicking on links within emails from senders you don’t recognize.
- Always independently verify that any requested information originates from a legitimate source.
- Refuse to supply login credentials or financial data in response to an email.
- Visit websites by inputting their domains manually.
“Making the public aware of how to protect themselves is a really important step in stopping this type of activity,” Stapleton said.