Coronavirus phishing scam

March 5, 2020
corona virus phishing scam antiphishing phishing attack

The Coronavirus outbreak is an ongoing epidemic of the coronavirus-family of diseases caused by SARS-CoV-2, which began in December 2019. It was first noticed in Wuhan, the capital of Hubei province China, after 41 people presented with pneumonia of no apparent cause.

United Nation’s World Health Organization announced that the Coronavirus upsurge a public health emergency. As the death toll from the virus reached 3252 as of March 4 confirmed cases in 33 countries and territories. The fatality rate is still being assessed.

As Coronavirus keeps spreading and gives fear to many people from around the world, cybercriminals are taking advantage of this outbreak to create different malicious activities.

Some phishing campaigns are incorporating fake domains that mirror the US Center for Disease Control and Prevention and the World Health Organization. While other cybercriminals send out phishing emails that exploit the effect of Coronavirus in the Global shipping industry.


Fraud CDC Phishing Scam

Kaspersky researchers found out that cybercriminals are using the Wuhan coronavirus as bait, trying to hook for e-mail credentials.

The phishing e-mail appears to look like a legitimate email from the Centers for Disease Control and Prevention as it includes a domain whereas the CDC’s real domain is Anyone who receives this email and not giving full attention will be likely fall for it.

This email claims that the CDC is continually doing monitoring regarding the outbreak and has set up an Incident Management System to coordinate a domestic and international public health response. It provides a link that appears to point to the legitimate CDC website:

Once the victim clicked on the link, the browser will redirect to a page that looks like a Microsoft Outlook interface (to lure the victims thinking that they are logging into their Outlook account). It has a field to enter your e-mail address credentials. Once the unsuspecting victim enters the email credentials it will then forward the victim’s email credentials to the criminals that will be later used to access the victim’s email and steal valuable information on the email.


corona virus phishing scam antiphishing phishing attack

Photo Source: Kaspersky



Global Shipping Scam

Another case is where Cybercriminals exploited Coronavirus fears by sending out Phishing emails that target worldwide shipping, as it is one of the industries that is hugely affected by this epidemic. Attackers are mostly drawn to shipping disruptions, including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic companies.

This example of a phishing email contains a subject line “Coronavirus – Brief note for the shipping industry.” it includes a Microsoft Word document exploit, a 2.5-year-old vulnerability, and installs AZORult, a data-stealing malware.

In a nutshell, AZORult is a Trojan stealer that collects various data on infected computers and sends it to the C&C server, including browser history, login credentials, cookies, files from folders as specified by the C&C server.


corona virus phishing scam antiphishing phishing attack

   Photo Source: Kaspersky


Considering these latest attacks, organizations and individuals must exercise extra caution around Coronavirus-themed phishing emails, links, or websites because of increased fear we all have from the epidemic, fear which attackers are seeking to exploit.


What to do?

  • Be attentive. Be wary if you received an email from an unknown source. Make sure you don’t act on the advice you didn’t ask for and weren’t expecting.
  • Check the URL before you click. If the website you got redirected to seems suspicious, be wary, and make sure to check if you are getting information from a legitimate source.
  • Look out for spelling and grammatical errors. Spend more time to review messages for indications that it’s a fraudulent email.
  • If you realize that you just revealed your password to anyone, make sure to change it as soon as you can. Cybercriminals who run these scams try out the password immediately or sometimes automatically after obtaining the credentials (even part of a password can be utilized!)
  • Use a Security solution. Make sure to install security solutions that automatically detect phishing websites and block access to them.
About the author

Leave a Reply