Beware! Phishing Campaigns Tied to Coronavirus is Widely Distributed in Indonesia
With the Coronavirus death count reaching over 3,000 victims worldwide, the whole world now is increasing its vigilance against the worldwide health crisis. Meanwhile, fraudsters are fishing in troubled water. By using email scams, they are attempting to profit from people’s fear over the virus. The followings are some schemes that fraudsters are using to trick people:
- Businessinsider reported that security researchers have identified multiple phishing scams in which attackers posed as authorities from the Center for Disease Control and Prevention or the World Health Organization in emails. The phishing emails would offer information about the virus to trick victims into downloading malicious software or handing over their login credentials.
- An Israel based cybersecurity firm found that in Indonesia, the Lokibot malware was widely distributed through spam emails that carry links, PDF or Word documents on how people can protect themselves against the virus. The Lokibot is a trojan that is designed to infiltrate systems and collect a wide range of information.
- The cybersecurity firm also found a spike in the number of website domains registered tied to Coronavirus. These are fraud websites that trick people into visiting their websites to buy vaccines and face masks with the hopes that it could protect them against the virus. These websites are used to attempt phishing.
- A leading cybersecurity firm based in California, found that cybercriminals are targeting the global shipping industry by sending out phishing emails about the Coronavirus to entice victims to open an attached Microsoft Word document that installs the AZORult information stealer.
For organizations, these reports should be a warning to be more vigilant in fighting against cybercrime, primarily during this tough period. When it comes to an organization, phishing is not just responsibility of the IT department, but the entire corporate’s stakeholders. If an employee becomes a victim of phishing, then the organizations’ data is also at risk of being stolen. One of the mitigation efforts that organizations can do is to educate their employees about phishing, in addition to strengthening their cybersecurity defense.
Conducting prevention efforts are always better than recovering from losses. However, if an organization discovers that their information is being stolen by phishing, then it has to conduct countermeasure actions. These actions include conducting an investigation of the company itself to minimize the company’s damage and losses as well as to improve the company’s security system.
Integrity Indonesia, with more than fifteen years of experience, will guarantee a comprehensive, compliant, thorough, and discreet approach in identifying and investigating fraud. We collect relevant evidence through investigative activities, including computer forensics. Contact us for more detailed information about fraud investigations and other compliance services.