Security News > 2020 > February > Hackers imitating CDC, WHO with coronavirus phishing emails

Last week, IBM and Kaspersky caught hackers in Japan trying to spread malware through emails with links about the coronavirus outbreak that started in Wuhan, China, in January.
Now, Kaspersky and Sophos have found phishing emails from cybercriminals purporting to be from the Centers for Disease Control and Prevention and the World Health Organization that are attempts to steal email credentials and other information.
In a blog post, Kaspersky researcher Maria Vergelis explained that they found phishing emails coming from "Cdc-gov.org," instead of the CDC's real domain at cdc.
Kowsik Guruswamy, CTO of Menlo Security, said this new campaign shows that companies have to be proactive about training employees how to spot these kinds of emails and attacks, which will become more prevalent especially with major news events like the coronavirus.
Vergelis wrote that companies and regular people should expect to see many more emails like this as hackers realize how effective it is to exploit situations like coronavirus spread. "The coronavirus as a topic is heating up among malefactors of various kinds, so expect to see other malicious campaigns using the deadly virus as bait. Recently we've seen spam campaigns selling masks, which some perceive as the first line of defense against the virus," Vergelis added.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Beware: PayPal "New Address" feature abused to send phishing emails (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Coinbase phishing email tricks users with fake wallet migration (source)
- Why it's time for phishing prevention to move beyond email (source)
- New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records (source)