sb-nz logo
Story image

Scammers using Bitcoin, sextortion to take advantage of Coronavirus fears

Scammers are using the COVID-19 outbreak to target victims in a variety of ways, looking to take advantage of the crisis gripping the world. 

Sophos has been tracking cybercriminals taking advantage of the situation, and says they are adapting and updating attack methods as real-time news unfolds. 

A bogus email impersonating a charity with the World Health Organisation logo is requesting Bitcoin with wallet ID. 

Chester Wisniewski, principal research scientist, Sophos says as people's fear and desire to do something about COVID-19 is dominating the news, it is also being exploited in every way by online criminals. 

"First, Sophos noticed phishing attackers using the World Health Organization (WHO) as a lure. Next, numerous malware gangs began to disguise their malicious wares as COVID-19-themed documents. Now today, we are seeing cyberattackers impersonating WHO charities, this time the COVID-19 Solidarity Response Fund. 

"These emails are fake, but very real looking and take advantage of new and until recently unheard of charitable organisations.," he says. 

"The tell-tale clue is the request for Bitcoin, rather than credit cards or other currency. Due to the ability to trace and stop real wire transfers and credit cards, criminals prefer to rely on crypto-currencies to attempt to preserve their anonymity and freedom and the Bitcoin payment request seen here is a sign that something isn't right about this email," says Wisniewski. 

"We haven't seen the novel nature of this attack before - impersonating charities around COVID-19."

Wisniewski says  any time the public's interest becomes fixated on a topic, scammers, spammers and malware authors latch on to the news and are determined to find a way to exploit the opportunity. 

"We've seen this type of activity in the past, but rarely is the whole world so focused on one thing, making this chance to develop scams a little too good to be true for cybercriminals," he says.

He says almost all types of malicious online activity Sophos typically observes right now has in one way or another taken advantage of a COVID-19/Corona theme. 

"There are limitless quantities of spams pitching expensive guaranteed Corona-proof masks, videos on how to construct your bunker and other "guides" to keeping your business or family safe. We have also seen common email-borne malware families like Fareit and Trickbot sending Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) themed malicious emails. The latest? Spams purporting to be from charities affiliated with the World Health Organization (WHO) asking for Bitcoin donations to assist those on the front lines fighting this outbreak. Whether you trust your government or not, criminals are emailing you to exploit your fear or distrust," says Wisniewski.

"Let's be clear. If you want advice from those who truly know what is happening, visit the website of your local health authority or ministry of health. Make a bookmark in your browser for the *real* WHO website at, and if you really want to make a financial contribution to those helping us stay safe in this fight, don't send Bitcoin, but go to the official website for the COVID-19 Solidarity Response Fund."
Sophos has also released a detailed article about an Android malware uses coronavirus for sextortion and ransomware combo.

"Like many other cyberthreats doing the rounds these days, the criminals have used the coronavirus pandemic as a lure, offering an intriguing if rather creepy app called COVID 19 TRACKER. The app offers to Track Real-Time Coronavirus Outbreak in your Street, City and State, and says it will Get Real-Time Statistics about Coronavirus outbreaks around you in over 100 countries," the company explains.

"However, if you're keeping your eye out for giveaway mistakes, it actually says outbreak around you, an error both of grammar and spelling.

Unlike most scams that come through via phishing emails, this is a done via an app, and it's important we remain vigilant, especially during difficult times like these."

Link image
How to head off a rise in DDoS attacks
Many businesses invest in costly DDoS mitigation and protection solutions, but few test them. NCC Group tests all environments and is one of only two AWS DDoS Test Partners. Claim 10% off your next DDoS service today.More
Story image
Backups as a last line of defence are under threat
Malware can incrementally overwrite and encrypt backups, rendering them inadequate as an insurance policy against ransomware.More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
Video: 10 Minute IT Jams - Who is LogRhythm?
LogRhythm VP of sales for Asia Pacific Simon Howe, who discusses the company's primary offerings and services, what products the company is focused on for the future, and the infrastructure it has in the A/NZ market.More
Story image
New project development inhibited by cybersecurity, Kaspersky research states
"There are still some practical steps that can be taken to make sure that an emerging technology or a product reaches its launch. Cybersecurity doesn’t have to be another corporate barrier, but it should be on an integral part of the project all long."More
Story image
SOC, SIEM, SOAR and SASE define Fortinet’s Security Fabric
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, deciphers the jargon and explains how an alphabet soup of integrated security services spells comprehensive protection for your network and ensures business continuity.More