Beyond the immediate health threat, a new fraud trend has been noticed. With the widespread media attention around the coronavirus, attackers are already using the topic to bait victims into opening malicious attachments.
Here we take a closer look at these phishing attempts and explore security solutions that could identify and help prevent coronavirus-related phishing attacks.
Coronavirus Phishing Attacks
Researchers at IBM X-Force have identified several campaigns where attackers are sending out infected email attachments disguised as instructions around the coronavirus. When opened, the file will silently install an Emotet downloader in the background. Right now most of the messages found appear to be in Japanese, which is due to the outbreak being concentrated in Asia. However, with the fear of the virus being so widespread, we can expect similar tactics to be used in the rest of the world soon enough.
Similarly, Kaspersky just published a blog reporting that the company’s technologies “have found malicious pdf, mp4 and docx files disguised as documents relating to the newly discovered Coronavirus. The file names imply that they include virus protection instructions, current threat developments, and even virus detection techniques.”
While criminal hackers routinely use natural disasters and viral news topics to launch attacks, the coronavirus theme has the potential to affect businesses directly because of China’s role in the global economy. For example, many companies are being asked if their supply chains will be interrupted because of shipping issues with China. An audience hungry for information is an audience ripe for hacking attacks. As a result, we expect to see phishing emails posing as:
- Delivery companies, such as Fedex or UPS, and online sellers, such as Amazon, with messages about goods sourced from China
- Brokers and investment firms with a message about markets crashing
- Targeted attacks from suppliers saying goods cannot be delivered or will be delayed
- Urgent updates from government and global health agencies on how to avoid infection
Now is the time to be extra vigilant, as attackers will be looking to take advantage of the fear and attention around the coronavirus outbreak.
How Banks Can Protect Customers against Coronavirus-themed Attacks
Financial institutions (FIs) should deploy additional safety precautions because of the heightened risk of phishing, social engineering, and malware attacks. Attacks will affect both corporate and retail banking customers as criminals take advantage of the situation.
FIs with fraud detection and prevention systems generally rely on a rules engine to manage fraud. Not all anti-fraud systems are equal, however. Expert rules engines give FIs an advantage by providing the flexibility to activate extra fraud rules during heightened risk periods such as Christmas, Black Friday, and natural disasters when customers have an increased chance of being compromised. Such periods of increased risk demonstrate the need for banks to have dynamic fraud prevention solutions in place to allow them to respond to the fast-paced nature of fraud.
It is also important that fraud detection systems be capable of quickly toggling different controls or operating at a lower level of trust during times of increased risk. Similarly, temporarily changing thresholds for the scoring model and allowing a larger number of false positives in favour of fewer false negatives is also a good practice. When the surge in the coronavirus phishing period comes to an end, reconfiguring the detection will allow the bank to reduce the workload on the fraud team.
Combatting Phishing and the Coronavirus
Sadly, attackers will play upon any fear to increase the impact of their phishing campaigns. In that way, the coronavirus attacks we have been seeing are just the next iteration in an ongoing effort. Vigilance by your fraud team, bolstered by the ability to dynamically adjust fraud rules and enhance your existing anti-fraud tools with real-time risk analytics, is key both to stopping this wave of phishing attacks as well as the ones to follow.
The post Coronavirus phishing and malware attacks spreading through banks and FI’s appeared first on Payments Cards & Mobile.