Hackers using coronavirus to scam people, install malware on devices

Bad actors will often mention popular news to get users' attention

Hackers have seized trending coronavirus news as a way to target victims online and install malware on their devices, new research shows.

The number of internet domain names that include coronavirus-related words has jumped in recent weeks, meaning bad actors are creating fraudulent websites related to the new virus outbreak to trick curious users into giving up sensitive information or downloading viruses by accident, according to intelligence at cybersecurity research company Check Point Research's 2020 Global Threat Index.

"We follow global trends and try to understand what kind of [cyber activity] we can see already happening or what we can anticipate could happen," Check Point Head of Threat Intelligence Lotem Finkelstein told FOX Business.

Increase in coronavirus-related domain names. (Check Point Research)

Finkelstein said there are "thousands and thousands" of discussions going on between cybersecurity experts about how cybercriminals use trending topics from coronavirus holidays like Valentine's Day to "lure customers" with spam campaigns using self-made websites, social media, email and text messages.

WHAT IS 'PHISHING'?

One example of such a website discovered by Check Point is vaccinecovid-19.com, which went live on Feb. 11 and is registered in Russia. The unsecured website offers "the best and fastest test for coronavirus detection for [about $300]," according to the report.

The website includes a button that users can click to give up their personal information, which is how bad actors can install malware to gain access inside a device and retrieve the sensitive personal information of their victims, such as passwords and credit card information. New sites with domains that use real, trending words such as "vaccine" and "coronavirus" "are being registered globally,"  Finkelstein said.

Coronavirus scam website. (The Conference Board)

Check Point discovered thousands of these new websites centered on coronavirus being created every week since about mid-January. Many of these sites are "created in haste" so scammers can "get as much gain as they can" while the virus is still a global trend,  Finkelstein explained.

SPEAR-PHISHING ATTACKS: WHAT YOU NEED TO KNOW

"We discovered over 1,600 [websites] in the past week that seemed to be fishy had the word 'corona' in them," he said. "[Cybercriminals] try to get customers to complete an action so they unknowingly download malware such as ransomware."

The most prominent coronavirus-themed scam was a mass email that targetted Japanese users by pretending to be a Japanese disability welfare service provider. The email claimed to hold important information about the virus in a separate attachment that, if opened, installed malware on victims' devices, the report shows.

FACEBOOK, YAHOO MOST IMITATED BY PHISHING SCAMMERS IN FAKE EMAILS

Bad actors will often mention popular news to get users' attention and trust in emails and fraudulent websites so they give up information or download malware-containing files onto their devices. Sometimes scammers even track the online behavior of their targets to study their interests before they send an email or text in an attempt to increase the chance of gaining user trust.

This illustration provided by the Centers for Disease Control and Prevention in January 2020 shows the 2019 Novel Coronavirus (2019-nCoV). (CDC via AP)

"It's always mind-play between cybercriminals versus the public --- the potential victims --- and the cybersecurity world," Finkelstein said. "The cybersecurity world is always trying to search for these things before they have a major impact. Once we start seeing a trend, we know how to bring attention to these issues" so people know how to avoid such scams.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

To avoid being tricked by these emails and websites, Check Point research recommends being wary of email address names rather than trusting that every message that appears in an inbox is coming from a trustworthy source.

Check Point also recommends hovering cursors over links before clicking on them to know where the link directs users or not clicking links at all and instead going directly to a company's website for promotions offered via email rather than clicking on the links in emails.

CLICK HERE TO READ MORE ON FOX BUSINESS

Users should also watch out for offers that seem too good to be true, spelling errors, unusual phrasing and unfamiliar senders, according to the research group.