FBI Issues Alert on Phishing Email Scams Related to COVID-19

  • Attackers are using an HHS.gov open redirect to push Raccoon information-stealing malware onto victims’ systems.
  • The IC3 has asked people to be cautious of emails that claim to be from the Centers for Disease Control and Prevention (CDC) or other healthcare organizations.

Cybercriminals are increasingly capitalizing on the spread of COVID-19 to launch their malicious attacks. To reduce the impact of such attacks, the FBI Internet Crime Complaint Center (IC3) has issued an alert to warn users about phishing emails. The IC3 has asked people to be cautious of emails that claim to be from the Centers for Disease Control and Prevention (CDC) or other healthcare organizations.

What does the FBI report say?
The FBI has alerted users to watch out for emails that offer to provide information on the pandemic. It has urged people not to click on links or open attachments, as threat actors can use them as channels to deliver malware designed to steal personal information from computers. Threat actors can also use malicious links to lock computers and demand payment.

The FBI has noted that these emails may also appear to come from entities related to charity for the disease, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits. The email asks the recipient to verify their personal information to receive further updates.

One such phishing campaign, which tricks victims into downloading malware through an HHS.gov open redirect, has recently come to notice.

Leveraging HHS.gov open redirect
As reported by BleepingComputer, attackers are currently using an HHS.gov open redirect to push Raccoon information-stealing malware onto victims’ systems. This open redirect, which is part of the subdomain of HHS’ ‘Departmental Contracts Information System’, is distributed via coronavirus-themed phishing emails.

The Raccoon information-stealer is capable of stealing data such as email credentials, credit card info, cryptocurrency wallets, browser data, and system information. After execution, the information-stealer also makes use of a decoy that shows an error message to make the victim think there is something wrong with the malicious attachment. 

What does the FBI advise?
The FBI has asked people to follow good cyber hygiene and security measures to avoid falling victim to such scams. The basic security measures recommended by the law enforcement agency include:
  • Do not open attachments or click links within emails from senders you don't recognize.
  • Do not provide your username, password, date of birth, social security number, financial data, or other personal information in response to an email or robocall.
  • Always verify the web address of legitimate websites and manually type them into your browser.
  • Check for misspellings or wrong domains within a link (for example, an address that should end in a ".gov" ends in ".com" instead).
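
The open redirect described above defeats a simple "does the link end in .gov" check, because the visible host is genuine and the real destination is carried in a query parameter. As an added illustration (not part of the FBI alert or the BleepingComputer report), the Python sketch below flags links whose host is under a trusted suffix but whose parameters point to a host outside it. The host names, parameter names, sample message and the `trusted_suffix` default are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def _host(url):
    """Hostname of an absolute or scheme-relative http(s) URL, else None."""
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL, e.g. broken IPv6 literal
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()

def _fully_decode(value, rounds=3):
    """Undo repeated percent-encoding, which is used to hide the target."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()

def find_redirect_links(text, trusted_suffix=".gov"):
    """Return (outer_host, parameter, target_host) for each link on a
    trusted host that carries a URL pointing outside the trusted suffix."""
    findings = []
    for link in URL_RE.findall(text):
        link = link.rstrip(".,);")
        outer = _host(link)
        if not outer or not outer.endswith(trusted_suffix):
            continue
        for name, value in parse_qsl(urlsplit(link).query):
            inner = _host(_fully_decode(value))
            if inner and not inner.endswith(trusted_suffix):
                findings.append((outer, name, inner))
    return findings

# Constructed sample message; none of these hosts come from the report.
SAMPLE_EMAIL = """
Guidance: https://contracts.agency-placeholder.gov/redirect?url=https%3A%2F%2Ffiles.attacker.example%2Fdoc
Update: https://contracts.agency-placeholder.gov/go?next=https%253A%252F%252Ffiles.attacker.example%252Fa
News: https://www.agency-placeholder.gov/page?ref=https%3A%2F%2Fnews.agency-placeholder.gov%2Fupdate
Info: https://www.agency-placeholder.gov/coronavirus?lang=en.
"""

if __name__ == "__main__":
    for outer, param, target in find_redirect_links(SAMPLE_EMAIL):
        print(f"{outer}: parameter '{param}' redirects to {target}")
```

A suffix match treats every host under the trusted suffix as equivalent, so a production filter would compare against an explicit allow-list of destinations instead.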