Whenever there is widespread media attention over a disaster or public threat, scammers jump in with exploits. Fear over the coronavirus is no exception.
Scammers are taking advantage of public fear and curiosity to distribute malware disguised as information and instructions for avoiding contamination from the coronavirus. The malware is largely distributed as Microsoft Word documents (docx file extension), PDF docs, and mp4 (movie) files attached to email messages. As, with any profitable scam, you can expect scammers to use all the standard threat delivery methods (robocalls, text messages, etc.).
These attempts follow standard social engineering principles. Many of the emails are designed to appear as though they are from official government sources (authority figures), and they play on fear and urgency. They tempt the recipient to click on links that promise helpful information but instead download viruses to the user’s computer. Sometimes the emails are localized, as in Japan where emails claimed that citizens in a local prefecture had contracted the coronavirus.
As with any email message, use caution and take an extra second to think before you click.
- Verify the sender’s true email address (often different from the sender’s name).
- Don’t click on suspicious links, especially files that end with “.exe.”
- Use your browser and go to official websites for information from government and health agencies.
- Keep your software and anti-virus up-to-date by always installing patches and updates.