Coronavirus COVID-19 scam, spam and malware websites risky for your PC or Phone than health

The novel Coronavirus COVID-19 pandemic has ravaged the world since it was first reported in Wuhan China, CDC among other health departments, has warned everyone to be on the watch.

At WPChase, our job is also to warn you that cybercriminals and nation state-sponsored spies have also taken the trending Coronavirus COVID-19 respiratory pandemic to also piggyback on the coronavirus panic.

Research released on Thursday revealed that crooks and snoops have fast registered many potentially-malicious websites and are using them to send out masses of scam emails as they try to scam the public and make money from the pandemic.

Cybersecurity company Recorded Future reported that there has been a significant rise in website registrations related to the COVID-19 virus, some of which it believes are being used to either steal, phish or pilfer information from recipients or infect them with malware.

Over 4,000 coronavirus-themed domains have thus been registered since January.  3% out of those were flagged as malicious, and another 5% as suspicious — this statistic makes it  50% higher than the malicious rate of all other trending topic domains registered in the same period, including Valentine’s Day scams.

WP-VCD: Have you Malware infected your WordPress site using pirated plugins and themes?

“Many of these domains will probably be used for phishing attempts,” the researchers warn. “An outstanding targeted coronavirus themed phishing campaign was recently spotted targeting Italian organizations, hitting over 10% of all organizations in Italy.”

Some of the potentially dangerous  domains that Recorded Future, specifically listed as risky include;

  • coronavirusstatus[.]space
  • coronavirus-map[.]com
  • blogcoronacl.canalcero[.]digital
  • coronavirus[.]zone
  • coronavirus-realtime[.]com
  • coronavirus[.]app
  • bgvfr.coronavirusaware[.]xyz
  • coronavirusaware[.]xyz
  • acccorona[.]com
  • alphacoronavirusvaccine[.]com
  • anticoronaproducts[.]com
  • beatingcorona[.]com
  • beatingcoronavirus[.]com
  • bestcorona[.]com
  • betacoronavirusvaccine[.]com
  • buycoronavirusfacemasks[.]com
  • byebyecoronavirus[.]com
  • cdc-coronavirus[.]com
  • combatcorona[.]com
  • contra-coronavirus[.]com
  • corona-armored[.]com
  • corona-crisis[.]com
  • corona-emergency[.]com
  • corona-explained[.]com
  • corona-iran[.]com
  • corona-ratgeber[.]com
  • coronadatabase[.]com
  • coronadeathpool[.]com
  • coronadetect[.]com
  • coronadetection[.]com

According to Trend Micro, researchers have also acquired email samples sent to and received from all over the globe, including countries such as the U.S., Japan, Russia, and China. Many of the emails, purportedly from official organizations, contain updates and recommendations connected to the disease. Like most email spam attacks, they also include malicious attachments.

Why WP-VCD Is the Most Prevalent WordPress Malware Infection

One of the samples used the email subject “Corona Virus Latest Updates” and claimed to come from the Ministry of Health. It contained recommendations on how to prevent infection and came with an attachment that supposedly contains the latest updates on COVID-19 but actually carried malware.

How to spot a coronavirus phishing email? Examples

Coronavirus-themed phishing emails can take different forms, including these.

CDC alerts. Cybercriminals have sent phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazard,” the text of one phishing email reads.

Workplace policy emails. Cybercriminals have targeted employees’ workplace email accounts. One phishing email begins, “All, Due to the coronavirus outbreak, [company name] is actively taking safety precautions by instituting a Communicable Disease Management Policy.” If you click on the fake company policy, you’ll download malicious software.

Health advice emails. Phishers have sent emails that offer purported medical advice to help protect you against the coronavirus

How to protect yourself

Researchers have strived to devise solutions to contain the spread of the virus, also known as COVID-19. Examples include Alibaba which has built an AI that can diagnose coronavirus within seconds with 96% accuracy, while another initiative lets you lend your unused computing resources to help find a cure.

To avoid any risks, DO NOT attempt visiting any of those websites. If you see any unsolicited emails coming from domains that include messages (e.g. those sent from @coronavirusstatus[.]space addresses) or if they’re linked in any emails, it’s worth taking extra precautions. Don’t click on any links within the email and don’t open any attachments. Simply close the email and delete to avoid further risk.

Phishing email examples: Another Cybersecurity company FireEye provided Forbes with several examples of spam emails. Often such scams will ask you to click on a link or attachment so that you can get more information about protecting yourself from coronavirus.

Tips for recognizing and avoiding phishing emails

Here are some ways to recognize and avoid coronavirus-themed phishing emails from Norton Cyber security company.

Like other types of phishing emails, the email messages usually try to lure you into clicking on a link or providing personal information that can be used to commit fraud or identity theft. Here’s some tips to avoid getting tricked.

  • Beware of online requests for personal information. A coronavirus-themed email that seeks personal information like your Social Security number or login information is a phishing scam. Legitimate government agencies won’t ask for that information. Never respond to the email with your personal data.
  • Check the email address or link. You can inspect a link by hovering your mouse button over the URL to see where it leads. Sometimes, it’s obvious the web address is not legitimate. But keep in mind phishers can create links that closely resemble legitimate addresses. Delete the email.
  • Watch for spelling and grammatical mistakes. If an email includes spelling, punctuation, and grammar errors, it’s likely a sign you’ve received a phishing email. Delete it.
  • Look for generic greetings. Phishing emails are unlikely to use your name. Greetings like “Dear sir or madam” signal an email is not legitimate.
  • Avoid emails that insist you act now. Phishing emails often try to create a sense of urgency or demand immediate action. The goal is to get you to click on a link and provide personal information — right now. Instead, delete the message.

To get factual and reliable  information about the coronavirus, please visit the following sources:

Wonderful!, just before you go, If you like these WordPress fixes, there is more: Please subscribe to our website for the latest tips, ideas, and recommendations to make your WordPress Websites wonderful.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 151 other subscribers

2 Comments

%d bloggers like this: