Home » Coronavirus “Safety Measures” Email Scam
Cyber Attack

Coronavirus “Safety Measures” Email Scam

Coronavirus “Safety Measures” Email Scam
Coronavirus “Safety Measures” Email Scam

Coronavirus “safety measures” email is doing the rounds and people should know the truth behind it. 

Since the outbreak of Coronavirus, its being used in various cyber scams. One of which is Coronavirus “safety measures” email which is a phishing scam. It suggests users about the safety measures that should be followed to prevent the virus. However, it is not so, the document attached to the email named “safety measures” is a compromised file which if downloaded or opened on the computer or device, it drops the payloads of severe Trojan or ransomware threats.

This guide is curated to make users aware of this latest scam and how to deal with it.

What is “Coronavirus Email Virus”?

The scammers are shooting out Coronavirus “safety measures” emails in bulks that are supposed to be from World Health Organization (WHO) awaking peoples about the safety measures against the Coronavirus. The spam campaign either embed a website link or a document attached to it which claims to further guide users on how they can prevent themselves from being infected with Coronavirus. Like mentioned above, this is just a scam and email is not associated with World Health Organization. In fact, the online scammers are using it to make users download the malicious file or visit the compromised link to download the harmful viruses on the computers.

Cyber Criminals Exploit the Coronavirus Name To Spread High-Risk Trojans

The threats can be high risking banking Trojan like CamuBot, TrickBot, Emotet or Tesla. These are data-stealing or banking Trojans that are designed to steal sensitive data like bank account details, login credentials, credit card details and so on and communicate them with the attackers which are later used for fraudulent transactions. They do this by installing a key-logger that records the keystrokes when users visit the secure sites.

Apart from Trojans, the Ransomware mostly spread using such phishing scam techniques containing the infected attachment which are macro-enable documents that runs on the victim’s computer to drop the payloads of the ransomware and install them. The Ransomware threats are again a highly devastating threat that uses the encryption algorithm to encrypt the important files on the victims PC like documents, photos, videos, PDFs, excels, databases and so on. This denies users access to their files till they don’t provide the decrypt key to unlock the files. The ransomware threats asks the victims to buy the decryption code from them by paying the ransom in the form of Bitcoins. But often times, even after paying the victims does not get their files back and it’s a loss of both money and data.

Coronavirus “Safety Measures” Email Scam
Coronavirus “Safety Measures” Email Scam

Here are some samples of the Coronavirus “safety measures” email scam:

 The “Coronavirus Email Virus” Sample 1:

Subject: Coronavirus (2019 -nCov) Safety Measures
Dear Sir/Madam,
Go through the attached document on safety measures regarding the spreading of corona virus.
This little measure can save you.
WHO is working closely with global experts, governments and partners to rapidly expand scientific knowledge on this new virus and to provide advice on measures to protect health and prevent the spread of this outbreak.
Symptoms to look out for; Common symptoms include fever, cough, shortness of breath, and breathing difficulties.
Dr Liang –
Intensive Care Physician
WHO Plague Prevention & Control

The “Coronavirus Email Virus” Sample 2:

Dear Sir,
Go through the attached document on safety measures regarding the spreading of corona virus.
Click on the button below to download

Symptoms common symptoms include fever, coughcshortness of breath and breathing difficulties.

Dr. Stella
Specialist wuhan-virus-advisory

In recent research, the spam mail contained the “CoronaVirus_Safety_Measures.rar” file that is an executable file. The campaign is used to spread Agent Tesla RAT virus that is designed to take control of the target computer and record various sensitive data of users.

Coronavirus “Safety Measures” Email Scam2
Coronavirus “Safety Measures” Email Spreading Agent Tesla RAT

Users opening them accidentally can be a victim of data or monetary frauds. The presence of such high-risk threats also opens the backdoor for other malware and allows remote access to cyber criminals to control the device. Thus, it is strongly advised not to open or download any attachment from such Coronavirus “safety measures” emails. And if somehow you have already opened them then you should avoid using your computer or device to visit banking or other sensitive websites and accounts or make any transactions.

It is better to quickly scan your infected computer with HitmanPro.Alert that is pro-active to detect any traces of malware that may have been dropped while opening the email or its attachments.

About the author

UnboxHow Team

If you have come this far, it means that you liked what you are reading. Why not reach little more and connect with us directly on Google Plus, Facebook or Twitter. We would love to hear your thoughts and opinions on our articles directly.

Add Comment

Click here to post a comment