Security News > 2020 > February > Hackers imitating CDC, WHO with coronavirus phishing emails
Last week, IBM and Kaspersky caught hackers in Japan trying to spread malware through emails with links about the coronavirus outbreak that started in Wuhan, China, in January.
Now, Kaspersky and Sophos have found phishing emails from cybercriminals purporting to be from the Centers for Disease Control and Prevention and the World Health Organization that are attempts to steal email credentials and other information.
In a blog post, Kaspersky researcher Maria Vergelis explained that they found phishing emails coming from "Cdc-gov.org," instead of the CDC's real domain at cdc.
Kowsik Guruswamy, CTO of Menlo Security, said this new campaign shows that companies have to be proactive about training employees how to spot these kinds of emails and attacks, which will become more prevalent especially with major news events like the coronavirus.
Vergelis wrote that companies and regular people should expect to see many more emails like this as hackers realize how effective it is to exploit situations like coronavirus spread. "The coronavirus as a topic is heating up among malefactors of various kinds, so expect to see other malicious campaigns using the deadly virus as bait. Recently we've seen spam campaigns selling masks, which some perceive as the first line of defense against the virus," Vergelis added.
News URL
Related news
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)
- PoisonSeed phishing campaign behind emails with wallet seed phrases (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Phishing emails delivering infostealers surge 84% (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)