Warning: Email scam uses list of ‘corona-virus affected company staff’ to deliver malicious payload

Posted by Akankasha Dewan on 25 February 2020 17:54:56 AEDT

MailGuard urges all users to be vigilant when accessing their emails, as a widespread email scam leveraging fears around coronavirus (now officially known as COVID-19) is infiltrating Australian inboxes.

The malicious emails use a display name of ‘Dr Li Wei’ and are titled ‘CORONA-VIRUS AFFECTED COMPANY STAFF’. The sending address uses a freshly registered domain that was likely created for the sole purpose of this scam. The ‘To’ field in the email shows the word ‘recipients’, and the recipient email address is the same as the sending address. The email also includes an attachment titled ‘list.arj’.

Its message body is short, and begins with ‘TO WHOM IT MAY CONCERN’. It informs the recipient that a ‘file of victims and predicting victims of corona Virus as at 22/02/2020’ is attached, and that it contains ‘pictures,countries,names and companies affected’. The email body ends with the address and website for ‘The Central Hospital of Wuhan’.

Here is a screenshot of the email:

[Image: screenshot of the coronavirus scam email]

The ‘attached file of victims and predicting victims’ is actually a malicious payload designed to infect users’ systems.
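The header and attachment traits described above (a sender mailing itself, a placeholder ‘To’ name, and an ‘.arj’ attachment) can be checked mechanically at the mail gateway. The following is an added example, not MailGuard's code; the sample addresses, the extension list and the placeholder-name list are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Assumed policy list: archive types seldom used in ordinary business mail.
RISKY_ARCHIVE_EXTS = (".arj", ".ace", ".iso", ".img")
# Assumed placeholder names seen in the To display field of bulk mail.
GENERIC_TO_NAMES = {"recipients", "undisclosed-recipients", "undisclosed recipients"}

def triage(msg: EmailMessage) -> list[str]:
    """Return the indicators described in the alert that this message matches."""
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    recipients = getaddresses(msg.get_all("To", []))

    # Sender mailing itself: the real targets were hidden (e.g. in Bcc).
    if sender and any(addr.lower() == sender.lower() for _, addr in recipients):
        findings.append("self_addressed")

    # To display name is a placeholder instead of a person's name.
    if any(name.strip().lower() in GENERIC_TO_NAMES for name, _ in recipients):
        findings.append("generic_to_name")

    # Attachment uses an uncommon archive format such as .arj.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_ARCHIVE_EXTS):
            findings.append(f"risky_attachment:{filename}")
    return findings

def build_sample(sender, to_header, subject, attachment=None) -> EmailMessage:
    """Construct a test message; every address used here is made up."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, to_header, subject
    msg.set_content("TO WHOM IT MAY CONCERN")
    if attachment:
        msg.add_attachment(b"\x00", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

# Constructed samples: one shaped like the scam email, one ordinary message.
SCAM = build_sample("Dr Li Wei <sender@newly-registered.example>",
                    "recipients <sender@newly-registered.example>",
                    "CORONA-VIRUS AFFECTED COMPANY STAFF", "list.arj")
BENIGN = build_sample("Alice <alice@partner.example>",
                      "Bob <bob@corp.example>", "Q1 roster", "roster.pdf")

if __name__ == "__main__":
    print(triage(SCAM), triage(BENIGN))
```

Domain age, the other indicator mentioned above, needs an external registration lookup and is left out of this offline check.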

Several variations of this email scam have been circulating over the last few weeks, and we strongly advise all recipients to delete these emails immediately without opening any attachments or clicking on any links. Please share this alert with your social media network to help us spread the word about this email scam.

Cybercriminals behind this scam are tapping into users’ fear and paranoia surrounding the global outbreak of the virus in order to trick users. Here are a few ways they’ve done this:

  • use of a senior health authority to inspire false trust; using ‘Dr Li Wei’ as the display name suggests the email is sent from a credible authority,
  • an alarming subject line; informing recipients of ‘CORONA-VIRUS AFFECTED COMPANY STAFF’ creates a sense of urgency and anxiety, especially among those users who are anxious to know if any of the names on the ‘list’ are familiar ones. This motivates users to take action immediately without checking the email’s authenticity.

This practice of launching cyberattacks centered around global news and outbreaks (like coronavirus) isn’t anything new. Cybercriminals have long employed these tactics to take advantage of users’ desire to keep up to date with as much new information as possible, or to evoke powerful emotions (like fear) in the hope that those emotions will get the better of them and they will not pause to check the legitimacy of these emails.

Despite these techniques, eagle-eyed recipients of this email would be able to spot several red flags that point to the email’s inauthenticity. These include the fact that the email doesn’t address the recipient directly, and that it contains several grammatical and spacing errors.

Coronavirus-themed cyberattacks are designed to play with human psychology and emotions. As such, we strongly advise being extra vigilant when you receive emails such as these and looking out for any tell-tale signs that might be suspicious.

What to do if you receive a suspicious email

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
