The US Secret Service warns about malicious email attachments related to coronavirus

Companies throughout the country trying to keep employees informed about the coronavirus are facing another threat, in the form of malicious emails, authorities say.

In a U.S. Secret Service alert sent this week to law enforcement and banking officials, the agency warns corporate America about fraudulent emails that contain malicious attachments.

“During the coronavirus outbreak, many companies and organizations have sent emails containing COVID-19 updates to their customers to make them aware of their current response and status. As these types of emails have now become increasingly frequent, criminals have started to use this familiarity to their advantage,” the alert, obtained by CNBC, said.

The agency said in the alert that it is investigating attempts in which the malicious email attachments would allow attackers to remotely install malware on computers to “potentially harvest credentials, install keyloggers or lock down the system with ransomware.”

The email attachment is usually a Microsoft Office or WordPad File, the alert said.

“However, it is always possible that different variations exist, or the attack vectors will evolve. Corporations should be aware they are being targeted, with the attackers potentially posing as a vendor, member of the supply chain, or other familiar entities that would not seem out of place,” the alert said.

Another version of this attack, the alert said, is an email supposedly from the U.S. Department of Health and Human Services that targets potential supplier companies by requesting they provide any medical protective equipment from a price list with the attachment containing malware. In most instances, “the email signature blocks used the identity of a legitimate employee. Keep in mind that typically, legitimate COVID-19 response emails have a message only in the body of the email and do not contain attachments.”

These attacks are the latest in a flood of coronavirus-related scams, according to authorities and consumer watchdogs.

For example, researchers at Akamai, which monitors and builds website defenses for companies, said on Thursday that they uncovered phishing attacks that start with a text message that is supposedly related to COVID-19 news, government updates or health-related products and services.

But “once the victim clicks the link, they’re directed to a domain and forwarded to another spoofing one of several well-known brands. Some of the brands being abused to target potential victims include Microsoft, Orange France and eBay,” according to a post on Akamai’s website.

Akamai researchers said criminals gain trust by pretending to be an insurance company, bank or trusted brand, hoping that victims open emails with malicious links that access sensitive personal information.

And Menlo Security, a Palo Alto-based cybersecurity company, said a recent attack on hundreds of companies stole login credentials by pretending to be an email from the CEO communicating critical COVID-19 information. The senders, who targeted key employees on the companies’ executive and finance teams, created personalized emails and copied the header, footer and general e-mail layout. Inside the body of the email was an attachment that contained a shortened URL. If employees clicked on the link, they were directed to a Microsoft login page that looked real but was stealing their username and password.

Menlo Security found that between Feb. 25 and March 25, there was a 32 times increase in the number of daily successful attacks, including a surge on March 11, the day the World Health Organization declared COVID-19 a pandemic.

The President of the European Commission Ursula von der Leyen also pointed on high rate of crimes amid the coronavirus. The President talked about fake websites, about the spread of false information on vaccines and called citizens for using reliable sources.

Leave a Reply