Coronavirus phishing attacks rising

With many employees working remotely, there is a rise in COVID-19 themed email phishing scams. Follow these suggested tips to keep companies safe.

By Gregory Hale April 13, 2020

While this should not be a big surprise, but there is a growing number of new coronavirus-themed phishing scams that use fake business logistics emails to infect organizations that sell goods, researchers said.

In one case, an email informs the recipient of a postponed order, due to the coronavirus, but in fact contains a spyware Trojan, said researchers at Kaspersky. Another attack has an attached “urgent order” that is actually a backdoor that enables remote device access, the researchers said.

In another case, the attackers said due to the coronavirus outbreak, their Chinese suppliers cannot meet their obligations. It sounds convincing enough under current circumstances. To avoid disappointing their customers, they are supposedly looking to place an urgent order for some goods (unspecified in the letter) from the company where the recipient works, Kaspersky said in a post.

However, when the victim clicks on the attached file, it contains no such order, but Backdoor.MSIL.NanoBot.baxo. When launched, it executes malicious code inside the legitimate RegAsm.exe process (again in an attempt to circumvent defense mechanisms). This results in the attackers gaining remote access to the victim’s computer. In essence, the emails usually make reference to delivery issues caused by the pandemic and ask the recipient to check delivery information, payment or order details contained in an attachment that actually contains malware seeking to gain remote control or access to the organization’s systems. This type of phishing can effectively target any organization that sells goods and constantly receive orders and supply requests. To prevent attackers from slipping in a Trojan or backdoor in the form of an attachment, Kaspersky suggests following these tips:

  • Carefully examine the extensions of attached files. If it’s an executable, the chances of it being unsafe are close to 100%.
  • Check if the sender company actually exists. These days, even the tiniest firms have an online footprint (for example, social media accounts). If you find nothing, do nothing; either way, it’s probably not worth doing business with such a company.
  • Check if the details in the sender field and the automatic signature match. Strangely enough, scammers often overlook this detail.
  • Remember that cybercriminals can pinch information about their “company” from open sources. So if you have doubts even though the e-mail seems to contain bona fide information, reach out to the company for confirmation that they sent the message.

This content originally appeared on ISSSource.comISSSource is a CFE Media content partner.

Original content can be found at Control Engineering.

Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector.