Watch Out for COVID-19 Documents Laced with Malware
We Know That COVID-19 Related Phishing Scams Are on the Rise, But Researchers Are Warning of “Macro-Laced” Document Attachments with Coronavirus Themes.
As the coronavirus pandemic continues, cybercriminals have been increasing their efforts. It’s no surprise. Cybercriminals have always taken advantage of major headlines. After all, what better way to get someone to open your email or click on your link than mentioning something HUGE that’s happening in the world, right? Unfortunately, as more people are working remotely than ever before, businesses are more open to attacks than usual.
Why? Because remote workers tend to have fewer security measures in place, such as firewalls, anti-virus software, and up-to-date systems that are designed to prevent vulnerabilities that lead to infections. We’ll review how to keep remote workers safe, but right now, let’s take a look at the threat of COVID-19 documents laced with malware.
How Do You Know If a COVID-19 Document is Malicious?
Essentially, these documents claim to contain coronavirus-related information, whether it’s details about an upcoming vaccine or local cases in your geographic region. Cybercriminals are getting more sophisticated with their attacks – meaning it’s not surprising to have a document sent to you that’s personalized for you – mentioning your name, city, and other personal information.
Upon opening these COVID-19 documents, you’re asked to enable the editing or enable content. At this point, malicious software is installed onto your computer. So how do you know if a COVID-19 document is malicious? Here are a few ways to tell:
- Check the source: Always double-check the source, whether it’s on a website or through an email, and make sure it’s a legitimate domain. If there are any mistakes or it’s a generic gmail.com or hotmail.com address, it’s likely not authentic. You can also call the organization directly – assuming they’re claiming to be from something like the CDC, WHO, etc.
- Look for urgency: If there is any sort of sense of urgency, such as “read this right away to make sure you’re safe” or “attention: a vaccine is being released” or anything of the sort, it’s likely a scam. Most legitimate organizations will announce important information on their website without the need for end-users to open a file of any kind or send over any information.
- Watch for spelling and grammar: Cybercriminals are known for lacking a thorough proofing and editing process, whereas legitimate organizations typically double-check their information for spelling and/or grammar errors before sending out or publishing anything. Look for spelling and grammar errors. If there are any errors, it’s likely a scam.
The FBI has already issued detailed alerts regarding COVID-19 related scams related to a range of topics, including:
Keep an eye out for anything suspicious, and remember, it’s doubtful that a legitimate organization will ever require you to download and edit a document.
Keep An Eye Out for Dangerous Phishing Emails and Phony Websites
Malicious documents will often be found in phishing emails and phony websites set up to take advantage of the coronavirus pandemic. Make sure you keep an eye out for the following common examples:
- Alerts, updates, or information via email or on the web about the epidemic.
- Free video conferencing tools or remote access solutions via email or on the web.
- Deals or purchase orders for masks, sanitizers, or other products via email or on the web.
Stay alert, and stay safe. Need a hand determining whether or not an email or website contains malicious documents? Get in touch with us via the chatbox or give us a call.
Like this article? Keep reading…