Security News > 2020 > February > Hackers imitating CDC, WHO with coronavirus phishing emails
Last week, IBM and Kaspersky caught hackers in Japan trying to spread malware through emails with links about the coronavirus outbreak that started in Wuhan, China, in January.
Now, Kaspersky and Sophos have found phishing emails from cybercriminals purporting to be from the Centers for Disease Control and Prevention and the World Health Organization that are attempts to steal email credentials and other information.
In a blog post, Kaspersky researcher Maria Vergelis explained that they found phishing emails coming from "Cdc-gov.org," instead of the CDC's real domain at cdc.
Kowsik Guruswamy, CTO of Menlo Security, said this new campaign shows that companies have to be proactive about training employees how to spot these kinds of emails and attacks, which will become more prevalent especially with major news events like the coronavirus.
Vergelis wrote that companies and regular people should expect to see many more emails like this as hackers realize how effective it is to exploit situations like coronavirus spread. "The coronavirus as a topic is heating up among malefactors of various kinds, so expect to see other malicious campaigns using the deadly virus as bait. Recently we've seen spam campaigns selling masks, which some perceive as the first line of defense against the virus," Vergelis added.
News URL
Related news
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Phishing emails delivering infostealers surge 84% (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- CoGUI phishing platform sent 580 million emails to steal credentials (source)
- Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails (source)
- Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
- Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)