The US and UK governments have issued a new alert, warning users to avoid clicking any suspicious email or text message links related to government relief funds.
The alert, titled "COVID-19 Exploited by Malicious Cyber Actors" highlights the many ways the coronavirus pandemic is being exploited by bad actors. It was released as a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC).
According to the announcement, government security agencies are seeing an influx of COVID-19 related scams, put out by advanced persistent threat (APT) groups and cybercriminals. Like many scams, the perpetrators rely on both fear and trust to trick their targets.
The most common of these scams are phishing scams. A malicious party pretends to be from a reputable organization -- such as the government or the victim's bank -- and sends them an email or text message. The message will often state that a victim's account needs to be verified or that they need to provide additional information through a provided link. The information can then be used to log into the account in question.
New malware is also being distributed, using coronavirus or COVID-19 themed lures. By installing malware onto a victims computer, a cybercriminal can monitor the user's activity and siphon login data from sensitive sites, such as credit card and bank websites. Malware often masquerades as attachments in emails or files shared on social media.
An example of an Italy-based malware scam, designed to install a keylogger onto a user's computer
"NCSC has observed various email messages that deploy the "Agent Tesla" keylogger malware. The email appears to be sent from Dr. Tedros Adhanom Ghebreyesus, Director-General of WHO," reads the alert. "This email campaign began on Thursday, March 19, 2020. Another similar campaign offers thermometers and face masks to fight the epidemic. The email purports to attach images of these medical products but instead contains a loader for Agent Tesla."
Lastly, the announcement reminds people to be safe when using virtual private networks (VPNs) and video conferencing software. There are known vulnerabilities affecting VPN products from Pulse Secure, Fortinet, and Palo Alto. There are known scams related to video conferencing software released by both Zoom and Microsoft Teams.
It is essential to realize that the government -- whether in the U.S. or U.K. -- is not going to send out any information via text or email that will result in getting a relief payment. While many tech-savvy folks already know this, it may be a good time to refresh less tech-savvy people on how to keep themselves safe from scams.