HEALTHCARE AT HOME:
THE  ROWAN TECHNOLOGY REPORT

Serving the home health, home care and hospice industry since 1999.

Untitled Document

by Tim Rowan, Editor

According to recent reports in the online publication TechRepublic, there has been a recent spike the applications for domain names that include the words "COVID-19" or "CoronaVirus." Hackers from Russia and many other places are using these fear-based buzzwords to get people to click on them before stopping to think. They are counting on people lowering their guard out of a heightened need for information during the pandemic, and hiding in the tall weeds of the plethora of legitimate emails on the topic. Here are some danger signs cyber-security experts have detected, along with warnings they issue.

  • Cyber-protection firm Barracuda Networks reports a 667% spike in COVID-19-related email attacks, just since the end of February.
  • Researchers detected 137 coronavirus-related "spear phishing' email attacks in January,  1,188 in February, and 9,116 from March 1 through 23.
  • These account for only about 2 percent of 467,825 attacks during March but the threat is growing rapidly.

Watch for different kinds of attacks

According to Barracuda researchers, these flavors of attacks are growing more sophisticated every day:

  • Scamming emails (54%)
  • Brand impersonations (34%)
  • Blackmail (11%)
  • Business email compromise (1%)

TechRepublic reports that Barracuda issued a stern warning. "Skilled attackers are good at leveraging emotions to elicit response to their phishing attempts, such as the ongoing sextortion campaigns, which rely on embarrassment and fear to scam people out of money. With the fear, uncertainty, and even sympathy stemming from the coronavirus COVID-19 situation, attackers have found some new emotions to leverage."

For example, one blackmail attack claimed to have access to personal information about the victim, know their whereabouts, and threatened to infect the victim and their family with coronavirus unless a ransom was paid, the company said. Barracuda's "Sentinel" platform detected this particular attack 1,008 times over two days.

PROTECTIVE STEPS

  1. Do not clink on promotional links in emails.
  2. Google the desired retailer, and click the link from a results page instead of within the suspicious email.
  3. Beware of "special" offers, such as an 80% discount on a new iPhone or an exclusive cure or treatment for coronavirus.
  4. Beware of lookalike domains, spelling or grammar errors in emails or websites, and unfamiliar email senders.

Variations

There are scams offering to sell COVID-19 cures or face masks. Some ask for investments in fake vaccine development companies. Others ask for donations to fake charities. For example, the "World Health Community" does not exist. The "World Health Organization" does, but it does not ask for donations via Bitcoin.

Some phishing victims have their computers and networks infected with malware. "Emotet" is a banking Trojan that has been detected in Japanese emails claiming to be from a disability welfare provider. "LokiBot" steals login credentials and data. Watch out for these kinds of email messages:

  • "Your invoice is attached. We apologize for the delay in sending the invoice due to coronavirus." That one contains LokiBot. Barracuda has seen it 3,700 times.
  • News Update: "1 thing you must do." Click the link and you unlock the door to Emotet. 
  • Login pages that look exactly like a familiar web site. Barracuda saw one that claims to be from the CDC.

 

Best Practices at All Times

  • Be wary of any emails attempting to get users to open attachments or click links. Anti-malware and anti-phishing solutions can be especially helpful to prevent malicious emails and payloads from reaching intended recipients, but even with such protections in place, caution should always be used since no solution catches everything.
  • Watch out for any communications claiming to be from sources that you normally would not receive emails from. These are likely phishing attempts. While receiving coronavirus-related emails from legitimate distribution lists to which you belong is becoming common, emails from organizations that you do not regularly receive messages from should be scrutinized closely. For example, the CDC is not going to be sending out emails to anyone who doesn't regularly receive emails from them already.
  • Use caution with emails from organizations you regularly communicate with. Brand impersonation is quite prevalent in coronavirus-related email attacks, so use caution opening emails from organizations you expect to hear from. This especially applies to those in the healthcare industry since it is being targeted by cyberattacks trying to capitalize on the pressure resulting from handling an influx of coronavirus cases.
  • Find credible charities and donate directly. A common tactic for coronavirus-related scams is asking for donations to help those affected by the pandemic. To avoid falling victim to one of these attacks, don't respond to email requests for donations. Instead, find credible charities helping with coronavirus efforts and donate directly through them. It's also highly unlikely that any legitimate charities are taking donations through Bitcoin wallets, so seeing that in an email should be a red flag.

 

©2020 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Home Care Technology: The Rowan Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. editor@homecaretechreport.com