Cyber criminals are spreading the highly dangerous off-the-shelf Emotet, a phishing Trojan-turned-botnet, by exploiting widespread fears of infection by the novel coronavirus, according to ComputerWeekly. Disguised as an email from a provider of disability welfare services, the Emotet coronavirus campaign has targeted users in several Japanese prefectures. This is not the first time that hackers and scammers have taken advantage of the virus, and the first reports of criminals using coronavirus-themed emails to phish potential victims occurred just days after the illness began spreading.
It’s really difficult for organisations to stay protected, because there is so much variety in social engineering threats and the Coronavirus is just the latest example. People are concerned the Coronavirus and are perhaps more vulnerable to emails purporting to be about that.
Protecting the enterprise against such attacks is done via a combination of education, testing and technology. Staff need to be trained on a regular basis about new threats and the best ways to deal with them, phishing tests must be carried out regularly and the right technology is essential. It must protect staff and detect the real phishing messages as best as it can – bearing in mind that it’s a constant arms race between the security vendors and cyber criminals, who are more than willing to use news such as the Coronavirus to get people to open emails and click on the links.
Disguising threats in current news topics is nothing new, but it still works extremely well on some people so cyber criminals tend to exploit them whenever they can. The coronavirus is a particularly newsworthy subject that is known around the world, so these sorts of campaigns tend to reach many people in all regions effectively.
However, advice to spot such nefarious emails still remains the same. I suggest people take a moment to look at the email address these emails are coming from- and never click on an unsolicited attachment. Regardless of why you may have received the email, it’s always safer to do your homework on the origin of the email than have another type of virus to worry about.