NCIS: Hackers and Scammers Taking Advantage of Coronavirus Outbreak

The U.S. Navy's law enforcement and counterintelligence arm, NCIS, warned Wednesday that the novel coronavirus pandemic has created a new opportunity for hackers to target unwitting servicemembers and the general public. The new coronavirus-related attacks include spearphishing campaigns, financial scams, and disinformation campaigns via social media; their aims are varied, and may include stealing sensitive information, defrauding people of money via fake donation websites, spreading false information and delivering malware to victims' computing systems.  

Several spearphishing campaigns seen since January have pretended to represent well-known healthcare organizations, including the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). In many cases, victims receive coronavirus-themed emails asking them to open an attachment or click on a link to obtain details about the coronavirus. Once a victim clicks on the attachment or link, they are directed to a malicious website asking the victim to enter login credentials.

Law enforcement agencies have also found online fraud campaigns in which victims received hoax emails from what appear to be the CDC, requesting donations via Bitcoin to fund an “incident management system” for the coronavirus pandemic. In February, aencies also observed a spearphishing campaign targeting Japan-based internet users with emails that appeared to provide information relating to coronavirus prevention. The emails included malicious Microsoft Office files that upon opening would initiate the download of a sophisticated malware program known as Emotet.

In addition, U.S. officials have released statements advising that Russia is likely behind coronavirus disinformation campaigns that are being spread via social media. Reports indicate thousands of Twitter, Facebook, and Instagram accounts have been used to spread false information about the coronavirus pandemic.

To identify and avoid human-factor cyberattacks that could lead to data breaches or financial losses, NCIS recommends:

- Use complex passwords, use different passwords for different services, and change passwords often.
- Go directly to a trustworthy website for information rather than clicking on email attachments, links, or pop-ups.
- Double-check a website address prior to typing it in, as scammers often slightly alter URLs so they closely resemble a legitimate URL.
- Do not enter sensitive data such as username and password into websites that do not typically ask for it.
- Use multi-factor authentication whenever possible.
- Check for spelling and grammatical errors within the contents of emails or suspicious websites.
- Keep systems updated and running antivirus software.