Currently, many e-mail inboxes receive messages from companies almost every day, which indicate, for example, restrictions on their services, special hygiene measures in the context of their production or discount campaigns à la "order comfortably from home". It is therefore not surprising that cybercriminals are also jumping on this train and launching many phishing campaigns in the presence of the Corona virus.
Among other things, fake emails from the World Health Organization (WHO) circulate with malware in the attachment. There are also references to Sparkasse branch closings in which customer data is requested for phishing purposes. In other mails, respirators and similar articles are advertised to access data or to guide potential customers in fake shops.
Sparkasse closings as a phishing pretext
We received a notification via Facebook about spam emails in the name of the Sparkasse, which are currently in one of them Note on the website of the German consumer centers is warned. In it, the (actually in some places) closure of some branches of the bank is misused as a pretext for querying full addresses, (further) e-mail contact options and telephone numbers. Customers should enter the data on a phishing site linked in the email, from where it ends up with the criminals.
Thanks to the Sparkassen logo and the impeccable spelling and grammar, the e-mail is quite convincing; she also strikes with phrases like "prevention is not hysteria and ignorance is not courage! We hope for your solidarity and understanding!" exactly the tone that currently prevails in legitimate mails.
As always, the following applies here: Under no circumstances click on links or even enter data, but it is best to delete the email immediately. Sparkasse customers can register in a specially furnished Sparkasse blog on the corona virus provide information, among other things, on the subject of branch closings. You can find contact addresses, for example for telephone inquiries about the legitimacy of e-mails received, in the "Contact" area of the "Your" Sparkasse website.
Trojans in alleged WHO e-books
The security software manufacturer Malwarebytes is currently warning against an English-language e-mail with malicious code that is said to come from the WHO. It claims that the World Health Organization has compiled a free e-book on important Corona / COVID-19 protective measures, which is also attached to the email as a zip archive ("My Health Ebook").
The email text appeals to the recipient's sense of responsibility and gives the appearance of a high urgency to study the content of the supposed e-book. Lurks loudly in the zip archive Malwarebytes's blog entry instead, a downloader that reloads a (Windows-specific) Trojan called FormBook after a double click. It steals data from the Windows clipboard and browsers and logs keystrokes in order to then send everything to a remote server.
The WHO has posted a general warning against cyber criminals on its websitewho pretend to be WHO (employees). It clearly shows that the organization never sends email attachments that the recipient has not previously specifically asked for. Also, never ask them to open links that are not on the domain who.int demonstrate.
Fake shops use the run on protective masks and Co.
Already at the end of February the LKA Lower Saxony warned of e-mails with supposed protective mask offers. Several current examples from heise Security show that this mesh is still up-to-date.
"In addition to frequent, thorough hand washing, the FFP2 respiratory mask offers effective protection against pathogens. It can filter more than 95% of the microparticles and thus prevent diseases," says one such email. An embedded link points to the possibility to buy an inexpensive set of four "so that you can protect your whole family from the disease".
Such links often hide fake shops that look quite professional, which collect in advance but never deliver goods. Other scenarios are also conceivable, in which address and credit card data are simply collected or users are guided to websites with malware. In this context, the basic advice helps not to respond to offers by email that you have not requested yourself. Or to order the desired products from one of the large and reputable suppliers right from the start.
The list of current examples of phishing and malware campaigns related to Corona could be expanded considerably; This means that special care is currently required with emails with the appropriate subject and content. You can find basic tips on how to identify such and similar scams via spam or phishing emails here:
. (tagsToTranslate) Corona Virus (t) Email (t) Crime (t) Malware (t) Phishing (t) Spam