There has been no shortage of cyber threats in Canada over the last 3 months as threat actors are finding more creative ways to take advantage of the COVID-19 pandemic.
We’ve compiled (4) of the latest cyber threats that should be on your radar (if they aren’t already). So, let’s get right into it:
1. COVID-19 Malware/Phishing Scam. There have been numerous attempts to use the pandemic as a front to infect computers and mobile devices with malware. The victims of one such scheme received phishing messages/emails telling them that they’ve been exposed to someone who has tested positive for COVID-19 virus and asked them to fill out what looks like an Excel form. When users click to enable the content and view the form, it infects their computers with a Trojan down-loader that installs malicious files. Microsoft has also put out a warning about a massive phishing attack that started on May 12. The campaign sends emails that look like they are from the “Johns Hopkins Center”, and they have an Excel attachment that claims to be US deaths caused by the Corona-virus.
Example of Excel attachment phishing/malware scam:
2. Spoofed CERB Payments & Fake 3rd Party Companies claiming to assist with CERB Applications. There have been reports around the country of companies claiming to help with these CERB Applications. Never click on a link or attachment in a text message or an email for any CERB or any other financial related sites – always open a browser and go to the site directly yourself. For information regarding CERB, please visit: https://www.canada.ca/en/services/benefits/ei/cerb-application.html and for further assistance,contact the CRA at: 1-800-959-8281.
Examples of a CERB direct deposit “smishing” scam:
FYI, Canadians can now report suspected fraudulent CERB recipients through the Canada Revenue Agency’s official snitch line. “If you suspect a potential misuse of the COVID-19 emergency benefits and programs, the National Leads Centre is currently accepting leads on these programs”.
Visit the Lead’s Program page here: https://www.canada.ca/en/revenue-agency/programs/about-canada-revenue-agency-cra/suspected-tax-cheating-in-canada-overview.html
3.Unauthorized or Fraudulent Charities. Sadly, there are many fraudulent entities requesting money for victims, products and/or research regarding COVID-19. Don’t be pressured into making any donations whatsoever but if you do so, please verify that it is a registered charity here before you give your banking information out.
Example of a COVID-19 charity scam:
4.Webex and Microsoft Teams are being targeted. More video-conferencing providers are also under attack. Reports from a company called “Abnormal Security” reported that hackers are trying to squirm into Cisco Webex and Microsoft Teams video meetings. They’re sending out emails impersonating automated messages from both services, with different strategies.
A phishing Webex email claims that there’s a security certificate problem and your account is locked. To unlock it, you must sign in with the provided link, which goes to a fake website that captures your password.
Webex Phishing email example:
The Microsoft Teams email claims that your teammates are trying to reach you and includes a link or an icon to a shared file. When you click on the link, you get taken to a phony Microsoft Office login page, where your username and password are captured. What may make these lures convincing are tricks like having a URL for the login page include the word “Microsoft product”. With so many video meetings being held these days, you’ve got to be careful when logging into any service from a sent email.
Pro-Tip: Before clicking, be sure to contact your team mate either by message or phone to check if the meeting invite is real.
Microsoft Teams Phishing email example: