Australian technology news, reviews, and guides to help you

Scammers take advantage of COVID-19 with malware

You’re going to see a lot of news about the COVID-19 coronavirus over the coming weeks, and while health is the main focus, scammers are using the topic, too.

If there’s one thing you can bet on, it’s that scammers will do what they can to make an impact on your life using the resources they have available. Commonly used resources typically include big topics of the time, and that’s because we’re paying attention to them, as topical situations are at the front of mind.

It’s why tax scams really kick into gear as the tax season revs up, and it’s why scammers are latching onto the novel coronavirus, turning what is easily a talked-about topic into one that is loaded with something else.

In a scam picked up by Sophos, security researchers have found a spam message going around laced with “Trickbot” malware. The email offers up a document that is supposed to contain precautions to fight and prevent the COVID-19 coronavirus, but instead delivers a payload of a virus that can steal online banking credentials.

Essentially, it’s a scam that is supposed to prevent you from getting one virus, but instead rewards you with another entirely different one.

“The cybercriminals behind Trickbot are likely skilled attackers who leverage the concern of the day to scare people into clicking,” said Chester Wisniewski, Principal Research Scientist for Sophos.

“While this is in Italy now, we would expect a similar attack in other countries where fears of COVID-19 outbreaks are high,” he said.

Like all scams, however, it’s one where you’ll want to pay attention to where it’s from, because scammers can only fake some of the way to a real-looking message, and not the entire thing.

Scammers can fake the name, but not the email address

Fun fact about scammers: they may be able to fake the name, but they can’t fake the actual email address it comes from.

In these emails, a sender’s name could say “World Health Organization” or “WHO” or “CDC”, but it doesn’t matter, because the email address will likely be something ridiculous or outlandish.

You probably haven’t requested any messaging about coronavirus, particularly from the WHO, and it doesn’t have everyone’s email addresses, so it’s not just sending these out. So make sure to take these sorts of emails and their addresses with a grain of salt.

Email scams often feature strange sender names and addresses, like this one which came from what appeared to be an MYOB automated invoice, but was in fact a scam with odd details.

Just know that scammers are betting on you only checking one aspect of the email, but if you’re not sure, look into the “from” field and see more about who apparently sent you the email, and watch it raise red flags.

Don’t download files from emails you don’t know

It might look legit, but files that come from sources that look legit aren’t always that way.

In fact, documents are a good way for scammers and cybercriminals to encase viruses, as they can load when you open them up, so be wary of files in emails from people you don’t already have a relationship with, or files that you haven’t requested.

It is incredibly easy to fake a website and put up an imposter website designed to trick, so if you’re guided to click a link by an email, look at the URL it’s sending you to.

Scammers can’t fake the real URL, even if they can fake how the website looks. The internet doesn’t work in a way where they can fake the website address, but borrowing the look and feel isn’t difficult at all.

Scammers can fake a secure site with a padlock, because getting a security certificate isn’t difficult, but they can’t fake the real website address of a known and established website whose URL you know and that appears on Google.

To check if a website is real, look at the address bar and see if it looks like the real deal, or Google it and see where it takes you. Scammers can’t fake the website address, and so often try something outlandish thinking you won’t check.

If it’s an email that raises red flags, scrutinise it


Your Spidey-sense probably isn’t wrong about weird and dodgy emails. If you have your feelers up because you didn’t request a document, because the email address is wonky, and because the spelling in that message isn’t the best (when you’d expect it to be right), plus there’s a random file attached when they could have just emailed you what’s inside of it, your Spidey-sense is probably on the money.

If you feel something is wrong with an email, don’t click anything — no files, no links — scrutinise it.

The email doesn’t look real, and has two email addresses inside of it: one at the front to fake you out and one at the back? That’s an attempt to trick you. Delete.

Oh there’s a Word DOCX attached for a special sheet on coronavirus prevention suggestions when it could just have included that in the email, or linked you to a webpage? And you didn’t request a document from the people sending it to you? Delete.

You’ve been linked to a website and it’s asking you for login details or money or some other thing that just seems out of kilter? Check the website address, check the wording, oh and hit that shiny “delete” button.
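The sender checks described above (a trusted name such as “WHO” or “CDC” on an unrelated address, and a second address planted in the name field) can be run over the “from” line of a message automatically. The following Python is an added example, not code from Sophos or from the original article; the allowlist of organisations and domains and the sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption (not from the article): names a message might claim, mapped to
# the domains that organisation really sends from. Extend for your own mail.
KNOWN_SENDERS = {
    "world health organization": {"who.int"},
    "who": {"who.int"},
    "cdc": {"cdc.gov"},
}
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(header):
    """Return a list of warnings for one From: header value."""
    name, addr = parseaddr(header)
    if "@" not in addr:
        return ["no parsable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    warnings = []

    # Sign 1: a second address shown in the name field that differs from
    # the address the mail actually carries.
    for planted in ADDR_IN_TEXT.findall(name):
        if planted.lower() != addr.lower():
            warnings.append(f"name shows {planted} but mail is from {addr}")

    # Sign 2: a trusted organisation's name on a domain it does not use.
    text = re.sub(r"[^a-z]+", " ", name.lower())
    for claimed, allowed in KNOWN_SENDERS.items():
        claims_it = re.search(rf"\b{re.escape(claimed)}\b", text)
        if claims_it and not domain_matches(domain, allowed):
            warnings.append(f"claims '{claimed}' but domain is {domain}")
    return warnings


# Constructed sample headers; the .example addresses are made up.
SAMPLES = [
    '"World Health Organization" <donotreply@who.int>',
    '"World Health Organization" <info@covid-safety.example>',
    '"support@who.int" <mailer@bulk-sender.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "no warnings")
```

The word match is a heuristic: an ordinary name that happens to contain “who” as a word will also be flagged, so treat a warning as a prompt to look closer rather than a verdict.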

Scammers will do anything they can to relieve you of money, and while it might seem like they’re one step ahead, they’re often just tuned into the same news and current events affecting everyone else, too. And they’re betting that you won’t check the signs, and hope you’ll fall for their scams.

Don’t let them. If you read an email and look at some of the things inside it more carefully, you might just find an email that you won’t fall for, and a welcoming “delete” button only too happy to be used.
