Many hackers and cyber criminals are now sending phishing emails with malicious attachments presenting as an instruction around the coronavirus. These cyber criminals are using these phishing emails to deceive people inform of a topic in the news, especially ones that are of concern and worry to many people. The coronavirus has already led to the deaths of thousands of people, and this has made possible hackers be using it for their own purpose to scam people.
According to a blog post by OneSpam, the website offers different tips to financial institutions and individuals on how to protect themselves, and how banks can protect their staffs against this latest coronavirus scam. In the OneSpam post, it was pointed out If the unsuspecting recipient opens the attachment, the file will silently install an Emotet downloader to infect the computer.
OneSpan said with the widespread media attention around the coronavirus, attackers are already using the topic to bait victims into opening malicious attachments. Most of the phishing emails seen so far are in Japanese since the coronavirus has been focused in Asia.
But these emails are expected to spread to other countries and likely translate to other languages. In the recent blog post by Kaspersky, malicious PDF, MP4, and Microsoft Word DOCX files disguised as documents relating to the coronavirus are detected.
The scammers imply that the files contain instructions for detecting and protecting against the coronavirus
The coronavirus themed phishing emails could affect world business due to the Chinese government role in the world economy, according to OneSpan. many companies are being asked if their supply chains will be disrupted because of shipping issues with China. Further, OneSpan said it expects to see the following types of phishing emails trying to take advantage of the coronavirus.
Phishing attacks can affect both corporate and retail banking customers. As such, banks and financial institutions can better protect their customers from these phishing emails by using the right types of fraud detection and prevention systems, as described by OneSpan. For examples
- Delivery companies, such as FedEx or UPS, and online sellers, such as Amazon, with messages about goods sourced from China
- Brokers and investment firms with a message about markets crashing
- Targeted attacks from suppliers saying goods cannot be delivered or will be delayed
- Urgent updates from the government and global health agencies on how to avoid infection
The fraud detection and prevention systems rely on rules engines to manage fraud. But not all anti-fraud systems are alike. Expert rules engines can help banks with extra rules during greater periods of risk such as certain holidays and natural disasters when customers are more likely to be hit. Dynamic fraud prevention tools can better help companies respond to fast changes in fraud.
According to the Tech Republic, the fraud detection systems should also offer specific controls so they can switch to a lower level of trust during periods of higher risk. Temporarily changing thresholds for the scoring model to allow for a larger number of false positives in favour of fewer false negatives is a worthwhile process. Once these coronaviruses themed phishing emails decrease, financial institutions can always dial back the detection to lessen the workload on the fraud team.
Banks can take steps to better protect themselves, their employees, and even their customers from these coronavirus phishing emails threats. The first step is to be aware of the heightened risk at this time and deploy enhanced safety precautions.
Financial institutions should adjust the rules engines on their fraud detection and prevention systems, monitor user behaviour throughout the entire online banking session, and leverage machine learning and advanced risk analytics to identify abnormal user behaviour in real-time.”