Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

ALERT: Coronavirus email scam discovered in Wisconsin and across the U.S.

February 3, 2020

UPDATE:

On Feb. 5, security experts detected scam emails arriving in the U.S. With the first case of coronavirus reported in a Dane County, Wisconsin resident, it is expected the frequency of these scams emails will increase in the state. Below are two images of phishing emails captured by security experts.

       

 

The top image was discovered by an Infosec staffer in a secured Hotmail account.  The bottom image is an email purporting to be from the World Health Organization was found by Sophos Security engineers.

Anyone discovering suspicious-looking emails similar to this should not click on any of the attachments and immediately delete it.

 

ALERT: Coronavirus email scam spreading malware

Infosec warns against clicking on phishing attempts

MADISON, Wis., Feb. 3, 2020Cybercriminals are now exploiting the intense interest and fear of the coronavirus outbreak to spread fake email messages containing malicious computer viruses and malware.

Infosec, a leader in cybersecurity education and security awareness training, warns as the coronavirus infection spreads, bad actors will try to capitalize on the terror and panic caused by the global outbreak.

“We can expect to see phishing emails containing malware in the U.S. soon,” said Jack Koziol, CEO and founder of Infosec. “Unfortunately, it’s not uncommon for cybercriminals to use high interest, high concern events as a method of tricking people into clicking on links and documents that then unleash viruses and malware into their systems.”

The emails are currently being seen in Japan, according to a report released by cybersecurity firm Kaspersky and IBM. This tactic can be expected to spread to the U.S and other countries as the number of confirmed cases increases.

“Everyone should be on the alert for these emails during the coming days and weeks,” Koziol added. “The elderly are often targeted with these types of scams, but it’s also possible for businesses to be targeted under the guise of tips for keeping employees and customers safe.”

The fake emails in Japan appear to be sent by a disability welfare service provider and include information indicating cases have been discovered in the recipient’s region. The emails also include an attached Word document masked as offering updates and health information.  Opening the attachment unleashes the malware, according to IBM.

Additional tips for detecting phishing email:

  • Numerous misspellings and grammar mistakes.
  • A false air of urgency for you to click immediately on attachments.
  • The URL may be different or slightly altered from a legitimate business represented as the sender.
  • Requests for personal information, such as bank account and credit card numbers for “verification purposes.” Reputable organizations never ask for this.

The virus was first reported in Wuhan, China, in December 2019. More than 9,600 infections are confirmed worldwide. Eleven cases are currently confirmed positive in the U.S. All of those cases are imported from other countries. There is a report of one person-to-person coronavirus spread in the U.S., according to the Centers for Disease Control and Prevention (CDC).