Coronavirus (COVID-19) Security Update
About a month ago we alerted you to be wary of any emails about the novel coronavirus (COVID-19) because the bad guys commonly use current events — particularly frightening current events — as bait for their phishing campaigns. Here’s an update about a specific scam being perpetrated that goes beyond email.
A legitimate interactive dashboard of coronavirus infections created by Johns Hopkins University is being used in malicious websites and spam emails to spread password-stealing malware. Recently a number of cybercrime forums began selling a digital coronavirus infection kit that uses the Hopkins interactive map as part of a malware deployment scheme. The kit costs as little as $200. Here’s a “testimonial” from one of the users of this malware:
“It loads [a] fully working online map of Coronavirus infected areas and other data. Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends!”
This is a good reminder to seek out information from the source. Do not rely on websites or emails that repackage and re-send a news story or article from somewhere else. As long as the coronavirus remains big news, bad actors will continue to find ways to use it to their benefit. Be mindful, protect yourself, and as always, avoid opening attachments in unsolicited emails — even if they seem to come from someone you know.
© 2020 The GuideOne Center for Risk Management, LLC. All rights reserved. This material is for informational purposes only. It is not intended to give specific legal or risk management advice, nor are any suggested checklists or action plans intended to include or address all possible risk management exposures or solutions. You are encouraged to retain your own expert consultants and legal advisors in order to develop a risk management plan specific to your own activities.