Cyber criminals capitalise on Covid-19

Cyber criminals capitalise on Covid-19

Bogus emails impersonating charity linked to World Health Organisation, requesting for Bitcoin with wallet ID according to SophosLabs

Credit: Dreamstime

Cyber criminals are taking advantage of rising coronavirus concerns across the world, adapting and updating attack methods as real-time news unfolds.

That’s according to recent Sophos findings, highlighting a “novel method not yet seen” of hackers impersonating the World Health Organisation (WHO) and associated Covid-19 charities through a series of bogus emails and spam tactics.

“As people's fear and desire to do something about Covid-19 is dominating the news, it is also being exploited in every way by online criminals,” observed Chester Wisniewski, principal research scientist at Sophos.

SophosLabs - the vendor’s dedicated cyber security intelligence division - first reported phishing attackers using the WHO as a lure. Next, numerous malware gangs began to disguise malicious wares as Covid-19-themed documents.

“Now today, we are seeing cyber attackers impersonating WHO charities, this time the Covid-19 Solidarity Response Fund,” Wisniewski explained. “These emails are fake, but very real looking and take advantage of new and until recently unheard of charitable organisations.

“The tell-tale clue is the request for Bitcoin, rather than credit cards or other currency. Due to the ability to trace and stop real wire transfers and credit cards, criminals prefer to rely on crypto-currencies to attempt to preserve their anonymity and freedom and the Bitcoin payment request seen here is a sign that something isn't right about this email. We haven’t seen the novel nature of this attack before - impersonating charities around Covid-19.”

Covid-19 bogus emailCredit: Sophos
Covid-19 bogus email

Any time the public's interest becomes fixated on a topic, Wisniewski said scammers, spammers and malware authors "latch on to the news" with a determination to find a way to exploit such an opportunity.

“We've seen this type of activity in the past, but rarely is the whole world so focused on one thing, making this chance to develop scams a little too good to be true for cyber criminals,” he added.

“Almost all types of malicious online activity Sophos typically observes right now has in one way or another taken advantage of a Covid-19/corona theme. There are limitless quantities of spams pitching expensive guaranteed corona-proof masks, videos on how to construct your bunker and other 'guides' to keeping your business or family safe.”

The security vendor has also seen common email-borne malware families such as Fareit and Trickbot sendingCentres for Disease Control and Prevention (CDC) and WHO themed malicious emails.

Spams purporting to be from charities affiliated with the WHO are most recent, with the campaigns asking for Bitcoin donations to assist those on the front lines fighting the outbreak.

“Whether you trust your government or not, criminals are emailing you to exploit your fear or distrust,” Wisniewski cautioned. “Let's be clear. If you want advice from those who truly know what is happening, visit the website of your local health authority or ministry of health.

“Make a bookmark in your browser for the *real* WHO website at, and if you really want to make a financial contribution to those helping us stay safe in this fight, don't send Bitcoin, but go to the official website for the Covid-19 Solidarity Response Fund at”

Real WHO websitesCredit: Sophos
Real WHO websites

Tags sophoscyber


Show Comments