(U.S. Navy photo by Joe Bullinger)

NCIS: Beware of Coronavirus-Themed Scams

The novel coronavirus pandemic presents an opportunity for malicious actors to conduct spearphishing campaigns, financial scams, and disinformation campaigns via social media to collect sensitive information, steal money via fake donation websites, spread false information, and deliver malware to victims.

Several spearphishing campaigns since January have falsely represented various healthcare organizations, including the U.S. Centers for Disease Control and Prevention and the World Health Organization. In many cases, victims receive coronavirus-themed emails requesting the victim to open an attachment or click on a link to obtain details about the coronavirus. Once a victim clicks on the attachment or link, they are directed to a malicious website requesting the victim to enter login credentials.

Law enforcement agencies have observed campaigns wherein victims received hoax emails from what appear to be the CDC requesting donations via Bitcoin to fund an “incident management system” in response to the coronavirus pandemic. Agencies also observed in February a spearphishing campaign targeting Japan-based Internet users with emails that appeared to provide information relating to coronavirus prevention. The emails included malicious Microsoft Office files that upon opening would initiate the download of a sophisticated Trojan known as Emotet.

U.S. officials have released statements advising Russia is likely behind coronavirus disinformation campaigns that are being spread via social media. Reports indicate thousands of Twitter, Facebook, and Instagram accounts have been used to spread false information about the coronavirus pandemic.

Although there is no evidence that the Department of the Navy has been targeted, NCIS urges DON personnel to remain vigilant and use the following best practices to identify and avoid online scams:

  • Use complex passwords, use different passwords for different services, and change passwords often.
  • Go directly to a trustworthy website for information rather than clicking on email attachments, links, or pop-ups.
  • Double-check a website address prior to typing it in as scammers typically slightly alter URLs so they closely resemble a legitimate URL.
  • Do not enter sensitive data such as username and password into websites that do not typically ask for it.
  • Use multi-factor authentication whenever possible.
  • Check for spelling and grammatical errors within the contents of emails or suspicious websites.
  • Keep systems updated and running antivirus software.

If you have been targeted with this scam, please report it to NCIS using the NCIS Tips app or at www.ncis.navy.mil.

Read more at NCIS

(Visited 188 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

Like HSToday?  Want to Keep the News, Commentary, and Practitioner Insights Coming? The COVID emergency has hit us hard and as a non-profit 501(c)(6) we are ineligible for any relief.

Please support us with a donation of $5 so we don't need to lay anyone off!

Thank you in advance for your consideration!

DONATE NOW
Go to Top
X
X