Profiting from panic

By: Ashish Thapar


The great American businessman and philanthropist John Rockefeller once said, “I always tried to turn every disaster into an opportunity.” I doubt he ever envisaged that his words would be heeded by criminals waiting to profit from panic.

Our friends from Recorded Future have confirmed the registration of thousands of fake coronavirus-related websites. Make no mistake, these domains are being used to phish for information or to infect computer networks with malware. Preying on current fears due to the global outbreak of COVID-19, criminals are banking on unsuspecting employees clicking on coronavirus-related links without thinking. The threat risk is further exacerbated by the hundreds of thousands of employees worldwide now working from home.

In its weekly summary, Verizon’s Threat Research Advisory Center outlined a number of security-related developments including patches for over 116 Microsoft products and a number of attacks involving multiple advanced persistent threat (APT) actors.

What are they doing?

Among the multiple organizations issuing warnings, the Federal Trade Commission has issued a memo alerting consumers to the increase in spoofed emails, text messages, and phone calls that claim to be from the Centers for Disease Control (CDC). These websites offer a “cure” to the virus with remedies, vaccines and testing kits.

According to the UN health agency, criminals are also attempting to pose as WHO representatives in an effort to carry out a variety of scams, from account takeovers to phoney donation requests and the spread of malware.

KrebsOnSecurity has reported that an interactive dashboard of coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious websites to spread malware.

How are they doing it?

Even before COVID-19 crept up on us, phishing was a popular — and effective — technique for attackers. Phishing is an attempt to steal your credentials and obtain sensitive information, often via an email message containing a link to a fake website that looks like a log-in page from a cloud-based email provider. In 2019, nearly a third of all breaches involved a phishing attack, making it the top threat action used in successful breaches, according to Verizon's 2019 Data Breach Investigations Report (DBIR).

When the bad guys come looking for you, they’re aware that your company has security protocols in place, so threat actors are usually forced to take at least a few actions before they get what they want. The DBIR goes on to note that 28% of the more than 2000 breaches involved malware infections – usually delivered by email – and 29% involved the use of stolen credentials, both of which are frequently accomplished through phishing attacks.

What can you do?

To avoid any risk, if you spot emails coming from coronavirus-related domains, do not click on any attachments; simply delete the emails. Be wary of websites soliciting donations or offering medical advice, supplies, or advice on the financial markets. In short, don’t take the bait and click on links from sources you don’t know.

If the email message conveys an important or urgent matter from an organization you know, e.g. your bank or hospital, contact the sender through alternate and official channels. Of course, it goes without saying that you need to keep your system security up to date and encrypt or password-protect sensitive information. If you’re working from home, please also ensure that your VPN uses two-factor authentication to secure your network connection.

Find out more about phishing, malware and the Verizon Data Breach Investigations Report here.

You can read more on this topic on our enterprise resource center.

Here are additional details on Verizon's response to the coronavirus pandemic.


Mobile OS and apps also restrict the availability of information often necessary for verifying whether an email or webpage is fraudulent. For instance, many mobile browsers limit users’ ability to assess the quality of a website’s SSL certificate. Likewise, many mobile email apps also limit what aspects of the email header are visible and whether the email-source information is even accessible – 2019 Verizon Data Breach Investigations Report

About the author:

Ashish Thapar is the Managing Principal for Asia Pacific at Verizon’s Threat Research Advisory Center (VTRAC) where he is responsible for customer-facing cyber incident response, digital forensics, electronic discovery, threat intelligence and IT investigations.
