Skip to main content
close search
site logo
Dive Brief

FBI warns of a phishing uptick as hackers latch on to coronavirus

Published April 8, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
laptop, coding, code, cybersecurity
Rangel, David. [photograph]. Retrieved from https://unsplash.com/photos/4m7gmLNr3M0.

Dive Brief:

  • The Federal Bureau of Investigation issued a warning for increased phishing schemes, specifically business email compromise (BEC), during the coronavirus outbreak, the agency said Monday.  
  • Bad actors are leveraging BEC schemes to compromise "municipalities purchasing protective equipment" and supplies related to the coronavirus response. Targets include anyone who executes "legitimate funds transfers," according to the press release. 
  • The federal agency recommends businesses read all emails with a skeptical eye, especially when related to wire transfers, information changes, or have a sense of urgency. Close attention is required to determine if an email URL matches who the sender claims to be and if hyperlinks have misspellings.

Dive Insight:

A bank was emailed by a supposed customer in China requesting a transfer in invoice payments to another bank, according to the FBI. The customer claimed "Corona Virus audits" rendered their existing bank accounts inaccessible. Before the bank realized it was fraudulent, it had already wired — and lost — the money. 

In addition to existing health and economic stressors the coronavirus caused, "threat actors are taking advantage of the increased demand from the public for any and all information on the virus and economic relief," Ron Plesco, principal of Cyber Response Services at KPMG, told CIO Dive. 

KPMG is tracking phishing attempts linked to Congress' stimulus package, airline refunds, loan abatements and other economic relief solutions. While cyberattacks often correlate with crisis, "the difference here is that this is global in nature and not regional,"  said Plesco. 

From February to March, industry experienced a 667% increase in phishing attacks. In March, 2% of all phishing attacks mentioned "coronavirus." 

IBM X-Force found Emotet trojans were circulating in Japan after the sender claimed to be a disability welfare service provider. The sender's emails were written in Japanese and contained malicious Microsoft Office documents with "updates" to the coronavirus. 

Healthcare providers — already under stress — are also targets of ransomware attacks. The healthcare industry accounted for 29% of ransomware attacks in 2019 and because of HIPAA regulations, every security incident is treated similarly to a breach. 

However, if a medical company is able to remediate the damages of a cyberattack on their own, they could unintentionally erase evidence of a data breach. And, the attackers could ultimately publish records online anyway

As companies are predominately remote right now, Plesco recommends IT remind employees to: 

  • Use approved cloud-based services

  • Avoiding use of personally identifiable information

  • Confirm VPN and security configurations

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Productboard Launches AI-Powered Productboard Pulse To Integrate Voice of Customer Into Produc…
From Productboard
October 29, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell