LMC Insurance & Risk Management
  • About Us
    • Leadership
    • Wisconsin Office
    • Accessibility
  • For Business
    • Property Casualty
    • Employee Benefits >
      • Iowa Health Insurance Pool
      • Share to Compare
    • Financial Services
    • Surety Bonds
    • Risk Management
    • Cyber Security
    • Executive and Owner Risk Management
  • Industries
    • Construction
    • Healthcare
    • Higher Education and Nonprofits
    • Hospitality
    • Manufacturing
    • Petroleum
  • Personal
  • Contact Us
    • Report A Claim
    • Iowa
    • Wisconsin
  • Careers
    • Open Positions
  • Online Tools
  • Blog
  • About Us
    • Leadership
    • Wisconsin Office
    • Accessibility
  • For Business
    • Property Casualty
    • Employee Benefits >
      • Iowa Health Insurance Pool
      • Share to Compare
    • Financial Services
    • Surety Bonds
    • Risk Management
    • Cyber Security
    • Executive and Owner Risk Management
  • Industries
    • Construction
    • Healthcare
    • Higher Education and Nonprofits
    • Hospitality
    • Manufacturing
    • Petroleum
  • Personal
  • Contact Us
    • Report A Claim
    • Iowa
    • Wisconsin
  • Careers
    • Open Positions
  • Online Tools
  • Blog

Welcome to the LMC Blog

Businesses hit with malicious coronavirus-related emails

4/15/2020

 
Malicious Coronavirus-Related Emails
As if businesses didn't have enough to worry about, online scammers have started sending out malicious e-mails to organizations about coronavirus that appear to be from business partners or public institutions.
The criminals send these to rank and file employees in the hope that at least one of them will click on a link or attachment in the email, which unleashes malware or tries to trick them into wiring money for supplies purportedly to protect the organization's workers.

The number of malicious emails mentioning the coronavirus has increased significantly since the end of January, according to cyber security firm Proofpoint Inc. The company noted this isn't the first time they had seen such widespread cyber-attacks associated with some type of a disaster. But because this is global in nature, it decided to track the new threat.

The practice of launching cyber-attacks centered on global news and outbreaks (like the current COVID-19 coronavirus) isn't anything new. Cyber criminals have long employed these tactics to take advantage of users' desires to keep up to date with new information, or to evoke powerful emotions (like fear) in the hope that their sentiments will get the better of them and they will not pause to check for the legitimacy of these emails.

Cyber criminals are using the public's ignorance about coronavirus, as well as the conflicting claims of how to protect against it, to lure people into clicking on malicious links or to get them to wire money. Because people are afraid, their guards may be down and they may not be as careful about identifying the email as dangerous. For example:
  • An employee in purchasing or accounts payable may receive an e-mail that is doctored to look like a purchase order for face masks or other supplies. The aim is to trick an employee into wiring payments to a fraudulent account.
  • Other emails may look like they are from OSHA or a government health agency with links on tips to protect the workplace from COVID-19. The link contains malware that is unleashed on the company's servers. It purports to include an attached file of victims of the virus but, when opened, it instead unleashes a malicious payload designed to infect users' systems.
 
Some real-life examples
​
  • Japanese workers were targeted in January and February with emails that looked like they came from local hospitals. The messages even included legitimate contact information for key personnel. The emails were focused on employees of various companies and came in a message that would look like it's a reply to something, or a warning that people are getting from the government. But when they clicked, it was malware.
  • Emails were sent to companies in the transportation sector that looked like they came from an employee of the World Health Organization. They included the WHO logo and instructions about how to monitor crews aboard ships for coronavirus symptoms, and they included an attachment with instructions. This phishing email attack was intended to lure individuals into providing sensitive data, such as personally identifiable information and passwords.
  • Companies in the U.S. and Australia have been receiving malicious emails that use a display name of "Dr Li Wei" and are titled "CORONA-VIRUS AFFECTED COMPANY STAFF."

What you can do

All that it takes to break into your business is a cleverly worded email message. If scammers can trick one person in your company into clicking on a malicious link, they can gain access to your data.
It's important to train employees on how to identify suspicious emails. They should avoid clicking links that:
​
  • Are not addressed to them by name, have poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses they are not expecting to hear from.
  • Ask you to download any files.
  • Take you to a landing page or website that does not have the legitimate URL for the company the email is purporting to be sent from.
  • Include attachments that offer with advice on what to do. Do not open them even if they come from relatives or friends.

Comments are closed.
    We're here to help.
    ​1-800-677-1529
    ​
    Email Us
    Follow @lmc_insurance

    Categories

    All
    Compliance
    Construction
    COVID 19
    COVID-19
    Cyber Security
    Directors And Officers
    Employee Benefits
    Executive Benefits
    Healthcare
    Higher Education
    Human Resources
    Manufacturing
    News
    Personal Insurance
    Property And Casualty
    Risk Management
    Wellness
    Workers Compensation

    Archives

    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    August 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017

    While every effort has been taken in compiling this information to ensure that its contents are totally accurate, neither the publisher nor the author can accept liability for any inaccuracies or change circumstances of any information herein or for the consequences of any reliance placed upon it. This publication is distributed on the understanding that the publisher is not engaged in rendering legal, accounting, or other professional advice or services. Readers should always seek professional advice before entering into any commitments.
LMC Insurance & Risk Management
​About   |   Blog   |   Contact

Iowa
4200 University Ave, Suite 200 
West Des Moines, IA 50266-5945
Wisconsin
8500 Greenway Blvd., Suite 201
​Middleton, WI 53562
 © 2021 LMC Insurance & Risk Management. All rights reserved. Privacy policy.