Home Articles FBI’s Warning on COVID-19 Phishing Emails

FBI’s Warning on COVID-19 Phishing Emails


As the global COVID-19 pandemic worsens, FBI and security firms has warned of increasing phishing attacks. Read on to know more…

As the global COVID-19 pandemic worsens, FBI and security firms has warned of increasing phishing attacks based on Coronavirus. To reduce the impact of such attacks, the FBI Internet Crime Complaint Center (IC3) has issued an alert to warn users about fake phishing emails. The IC3 has asked people to be cautious of emails that claim to be from the Centers for Disease Control and Prevention (CDC) or other healthcare organizations.

FBI Report
FBI has alerted users to watch out for emails that offer to provide information on the pandemic. It has urged people not to click on links or open attachments as threat actors can use them as channels to deliver malware designed to steal personal information from computers. Threat actors can also use malicious links to lock computers and demand payment. FBI has cited that these emails can also be from different entities related to charity for the disease, general financial relief, airline carrier refund, fake cures and vaccines, and fake testing kits. The email asks the recipient to verify their personal information to receive further updates.

One such phishing email incident that tricks victims into downloading malware through HHS.gov open redirect has come to the notice recently.

Spoofing WHO
Meanwhile, researchers also are finding that cybercriminals are continuing to spoof organizations that are providing COVID-19 updates to the public. For example, IBM X-Force found recent phishing emails spoofing the World Health Organization (WHO) and claiming to come directly from Dr. Tedros Adhanom Ghebreyesus, the director-general of the United Nations organization.

In the phishing emails that IBM researchers found, cybercriminals were using spoofed messages from WHO to spread HawkEye malware, a type of keylogger that has been gaining in popularity with cybercriminals gangs since newer versions were spotted by in the wild in July 2019. IBM researchers first began seeing the spoofed WHO emails with Ghebreyesus’ name on Thursday. These emails contain an attached file, called Coronavirus Disease (Covid-19) CURE.exe, which hides a .NET executable file, according to the IBM report.

Using obfuscation techniques, the first executable downloads a second .NET executable file that has the ability to turn off Windows Defender by changing registry items, according to the report. When the Hawkeye keylogger is downloaded, it gives the attackers the ability to capture screenshots and data from browsers and email clients including Mozilla, Postbox, Thunderbird, SeaMonkey, Flock, BlackHawk, CyberFox, KMeleon, IceCat, PaleMoon, IceDragon and WaterFox, according to IBM researchers.

The FBI has asked people to follow good cyber hygiene and security measures to prevent falling victim to such scams. Among the basic security measures recommended by law enforcement agency, it includes:

• Do not open attachments or click links within emails from senders you don’t recognize.
• Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
• Always verify the web address of legitimate websites and manually type them into your browser.
• Check for misspellings or wrong domains within a link (for example, an address that should end in a “.gov” ends in .com” instead).


Please enter your comment!
Please enter your name here

− 4 = 4