CYBER criminals are taking advantage of the Coronavirus (Covid-19) outbreak by sending scam emails claiming to be from the World Health Organization (WHO).
The aim of the scam is to trick targets into opening links that claim to be WHO "safety measure" information.
Experts at SophosLabs tracked this scam campaign in Italy, where the Coronavirus outbreak has been particularly bad.
However, similar scams to this happen all over the world.
For the Italy focused scam, the crooks made it look convincing by writing in Italian, pretending to quote a WHO Italian official, referencing the virus outbreak in the country and stressing that Italians in particular should read the attached document.
Unlike some phishing scams which are very general so they can be sent to as many people as possible, this one seems to be trying to play on fears where they will be most acute in the hope of getting more clicks.
A translated version of the email reads: "Coronavirus: important information on precautions.
"Because there are documented infections in your area […] we strongly recommend that you read the document attached to this message!"
Instead of a scam link in the email, targets are encouraged to open an attached document.
This document comes with an edited warning and urges people to enable the content.
Clicking 'Enable Content' will then load malware onto your computer.
SophosLabs found that the bug is a well-known type of Windows malware called Trickbot.
Trickbot actually started out as a type of malware that tried to access your bank account.
Nowadays, it can lead to a full-scale ransomware attack, meaning you could be asked to pay a ransom to stop the criminals.
Some hackers who use Trickbot have been known to demand six or seven figure ransoms.
By uploading Trickbot on your PC, hackers could soon have access to your passwords and data.
How to avoid a phishing scam
Firstly, you should be thorough when checking who the email is from.
Even if it looks official you should double check the email and look for any spelling mistakes or slight abnormalities in the sender's email address.
Never feel pressurised into opening an attachment and avoid clicking the phrase "enable content".
You should also be wary of links in emails.
If you're certain an email you have received is a scam then delete it.
What is phishing?
Here's what you need to know…
- Phishing is a type of online fraud
- It's typically an attempt to nab some of your data
- Phishing generally involves scammers posing as a trustworthy entity
- For instance, fraudsters could send you an email claiming to be your bank, asking for details
- Scammers can also set up fake websites that look like real ones, simply to hoodwink you
- Phishing can take place over email, social media, texts, phone calls and more
- The best defence against phishing is to be generally sceptical of weblinks and emails, especially if they were unsolicited
In other news, more than a billion Android phones and tablets are at risk of being hacked.
Invitations to hundreds of thousands of supposedly private WhatsApp chats have been published online.
And, Android users have been warned that some hugely popular apps on the Google Play Store could put them at risk.
Have you ever received a phishing email? Let us know in the comments…Source: Read Full Article