The arrival of the coronavirus has opened the door for cybercriminals worldwide to take advantage of people’s concerns. According to Mimecast, a British mail and internet security company, mails are circulating in the Netherlands from the National Institute for Public Health and the Environment (RIVM). These mails would keep you up to date on the current situation regarding corona. In reality, nothing could be further from the truth. They are used by cybercriminals to leave malware behind in recipients’ systems and to retrieve login details and other personal data.
Statement by the head of the e-crime department at Mimecast, Carl Wearn: “It’s a well-known phenomenon that cybercriminals respond to current events. We saw this, for example, in the Brexit and the forest fires in Australia. Now that corona has officially grown into a pandemic, phishers will be catching up on this on an increasingly larger scale. They take advantage of the hunger for information about corona. If someone on behalf of RIVM asks you for sensitive information, such as credit card or banking details, you know it is a trap. The ministry never asks for that information. So don’t click on anything.”
All kinds of excuses are used to gain the trust of the receiver. For example, mails are circulating asking employees to register for a seminar concerning corona, where the employee has to log on to a fake outlook website with an email address, username and password in order to register. The RIVM mail also contains a link that can be clicked on, after which malware is installed or personal data is extracted. In other mails, victims are then offered to receive a tax refund, whereby people forward sensitive bank information. Of course, this is not followed up and the victims are left behind with the risk that the cybercriminals misuse the personal data obtained.
As a result of these coronaphishing emails, approximately one million euros would have been stolen worldwide already.
If you have any questions about this phenomenon, you can always contact us by phone or email.
See some examples below: