Malicious cyber criminals have been attempting to leverage interest and activity in the coronavirus to craft COVID-19 phishing emails that pretend to come from the CDC. The campaigns target victims with information about infection-prevention measures for the disease. These phishing emails contain links and downloads for malware that can allow them to takeover healthcare IT systems and steal information.
The FBI has also warned that some attack emails are asking victims to verify personal data so they can receive an economic stimulus check from the government. It emphasizes that government agencies do not send unsolicited emails asking for private information. Officials have noted that other phishing campaigns may use counterfeit hand-sanitizer, charity contributions, airline carrier refunds, fake cures and vaccines, and fake COVID-19 testing kits as bait.
We anticipate the attacks using the coronavirus will continue to accelerate, using fear and uncertainty as cover for malicious activity.