{"id":17666,"date":"2020-02-07T02:30:08","date_gmt":"2020-02-07T10:30:08","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/02\/07\/news-11401\/"},"modified":"2020-02-07T02:30:08","modified_gmt":"2020-02-07T10:30:08","slug":"news-11401","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/07\/news-11401\/","title":{"rendered":"Coronavirus phishing"},"content":{"rendered":"<p><strong>Credit to Author: Maria Vergelis| Date: Fri, 07 Feb 2020 09:55:56 +0000<\/strong><\/p>\n<p>Some malefactors just don&#8217;t know when to stop. First, we saw <a href=\"https:\/\/usa.kaspersky.com\/blog\/coronavirus-used-to-spread-malware-online\/20213\/\" target=\"_blank\" rel=\"noopener noreferrer\">malware masked as files about coronavirus<\/a>, and now they&#8217;re sending phishing e-mails that exploit the very same epidemic.<\/p>\n<h2>Phishing with the coronavirus for e-mail credentials<\/h2>\n<p>The letters appear to come from the Centers for Disease Control and Prevention, which is a <a href=\"https:\/\/www.cdc.gov\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">real organization in the United States<\/a>, and they do recommend some actions regarding the coronavirus. The e-mails also come from a convincing domain, <strong>cdc-gov.org<\/strong>, whereas the CDC&#8217;s real domain is <strong>cdc.gov<\/strong>. A user not paying careful attention isn&#8217;t likely to notice the difference.<\/p>\n<p>The letters claim that the CDC has &#8220;established a management system to coordinate a domestic and international public health response&#8221; and urge recipients to open a page that allegedly contains information about new cases of infection around their city. The link appears to point to the legitimate CDC website: cdc.gov.<\/p>\n<div id=\"attachment_32398\" style=\"width: 662px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06102022\/coronavirus-phishing-scr1.png\"><img decoding=\"async\" aria-describedby=\"caption-attachment-32398\" class=\"size-full wp-image-32398\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06102022\/coronavirus-phishing-scr1.png\" alt=\"Coronavirus phishing e-mails appear to come from the Centers for Disease Control and Prevention (CDC)\" \/><\/a><\/p>\n<p id=\"caption-attachment-32398\" class=\"wp-caption-text\">Coronavirus phishing e-mails appear to come from the Centers for Disease Control and Prevention (CDC)<\/p>\n<\/div>\n<p>The website looks similar to Microsoft Outlook&#8217;s interface \u2014 and requests an e-mail login and password. Of course, the website has nothing to do with Outlook; it&#8217;s just a page crooks built to steal e-mail credentials. It won&#8217;t log you in anywhere, but it will forward your login and password to the criminals, who will later use them to access your e-mail account and look for anything worth stealing in there.<\/p>\n<h2>What&#8217;s the catch in coronavirus phishing?<\/h2>\n<p>To avoid getting hooked, pay attention to details. Three things in this particular scheme should raise red flags:<\/p>\n<ul>\n<li>The e-mail address of the sender. If it ends with cdc-gov.org instead of cdc.gov, the e-mail is phishing.<\/li>\n<li>The actual URL of the link. If you hover over the link without clicking on it, you&#8217;ll see that the real address it leads to is different than the link description. It won&#8217;t really bring you to cdc.gov.<\/li>\n<li>The design of the phishing page. The official <a href=\"http:\/\/outlook.live.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Microsoft Outlook website<\/a> actually looks completely different. Of course, no website other than Microsoft&#8217;s should ask for your Outlook credentials. If you see such a request, know that it&#8217;s phishing and ignore it.<\/li>\n<\/ul>\n<div id=\"attachment_32399\" style=\"width: 918px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06102026\/coronavirus-phishing-scr2.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-32399\" class=\"size-full wp-image-32399\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06102026\/coronavirus-phishing-scr2.png\" alt=\"The fake Web page used in the coronavirus phishing campaign looks like an Outlook login window\" width=\"908\" height=\"560\" \/><\/a><\/p>\n<p id=\"caption-attachment-32399\" class=\"wp-caption-text\">The fake Web page used in the coronavirus phishing campaign looks like an Outlook login window<\/p>\n<\/div>\n<p>If you pay attention, you will certainly notice at least one of the problems we list above, but even one is enough to tell you: This is phishing, so don&#8217;t click any links, download any attachments, or enter any credentials.<\/p>\n<p>The coronavirus as a topic is heating up among malefactors of various kinds, so expect to see other malicious campaigns using the deadly virus as bait. Recently we&#8217;ve seen spam campaigns selling masks, which some perceive as the first line of defense against the virus.<\/p>\n<p>Another example we encountered recently was another phishing e-mail that also appeared to be sent from the CDC, this time from a different \u2014 but still fake \u2014 address: <strong>cdcgov.org<\/strong>.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06102030\/coronavirus-phishing-scr3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-32400\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06102030\/coronavirus-phishing-scr3.png\" alt=\"Another example of coronavirus-related phishing\" width=\"626\" height=\"746\" \/><\/a><\/p>\n<p>This e-mail urged recipients to donate Bitcoin to fund coronavirus vaccine research. Of course, the real CDC does not accept Bitcoin, and it is not asking for donations. And we&#8217;re sure to see more scams exploiting coronavirus fears.<\/p>\n<h2>How to protect yourself from phishing<\/h2>\n<ul>\n<li>Attentiveness and knowledge are your two best tools. Look carefully to spot wrong addresses, misspelled domains, URLs with misleading labels, and other signs. To learn more about typical phishing methods and techniques, read our <a href=\"https:\/\/www.kaspersky.com\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener noreferrer\">ten tips<\/a> for avoiding phishing and <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/phishing\/\" target=\"_blank\" rel=\"noopener noreferrer\">other posts about phishing on Kaspersky Daily<\/a>.<\/li>\n<li>Use a reliable security solution, such as <a href=\"https:\/\/www.kaspersky.com\/advert\/security-cloud?redef=1&#038;THRU&#038;reseller=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___\" target=\"_blank\">Kaspersky Security Cloud<\/a>, that automatically detects phishing websites and blocks access to them.<\/li>\n<\/ul>\n<p> <input type=\"hidden\" class=\"category_for_banner\" value=\"ksc-trial-generic\" \/> <br \/><a href=\"https:\/\/www.kaspersky.com\/blog\/coronavirus-phishing\/32395\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/02\/06101938\/coronavirus-phishing-featured.jpg\"\/><\/p>\n<p><strong>Credit to Author: Maria Vergelis| Date: Fri, 07 Feb 2020 09:55:56 +0000<\/strong><\/p>\n<p>Phishers are using the Wuhan coronavirus as bait, trying to hook e-mail credentials.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[24152,11789,32,3924,10438],"class_list":["post-17666","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-coronavirus","tag-e-mail","tag-news","tag-phishing","tag-threats"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17666"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17666\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17666"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}