Cyber criminals are exploiting the public’s fear of the Wuhan coronavirus outbreak in a new phishing scam, researchers have learned.

Experts at IBM discovered a spate of phishing emails being sent to Japanese citizens, asking them to open an attached Word document supposedly containing details of infections in the country’s main island.

The email reads:

Department of Health Services

For the new type coronavirus-related pneumonitis, patients are reported in the heart of Wuzhen City, China. Patients are also being reported in Gifu Prefecture in Japan.

Therefore, please check the attached notice.

Thank you for your infection prevention measures.

Those that open the attachment are asked to enable macros. This is often a bad sign, as one of the tricks scammers use to bypass spam filters is to hide malware in macros.

In this case, the Emotet banking Trojan is lying in wait. Once on your system, it can become part of a botnet, steal sensitive information or grab your passwords.

Predictable attack

It’s no surprise that cyber criminals are exploiting coronavirus in a scam like this. Topical stories are often used in phishing emails, as there is an in-built sense of urgency that can make it more likely that a recipient will ignore their instincts and click a malicious link.

One of the most popular examples of this are phishing emails sent around tax season, but you’re just as likely to find similar scams in the run-up to Christmas or whenever there’s a major news story, such as an election or a sports event.

NFL fans have recently had to be on the lookout for Super Bowl scams, while this side of the Atlantic has had Brexit phishing emails to worry about.

Many will point to the insensitivity of using coronavirus for something as comparatively trivial as a phishing scam, but unfortunately criminals will use whatever topics they can to make money.

They are aware that any news on coronavirus will get an emotional response. At the time of writing, more than 550 people have been died from disease and another 3,500 are in critical condition.

The scam is likely to be particularly alarming in Japan, which recently confirmed 20 infections aboard a cruise ship that’s moored off the port of Yokohama.

How to prevent phishing scams

Even though cyber criminals are increasingly tapping into our fears, it can still seems unlikely that scams like this would work. Awareness of phishing is at a record high, popular targets like Amazon have dedicated phishing prevention pages and many bogus emails do a poor job of imitating their target.

It’s yet to be seen how successful this coronavirus scam will be, but based on past cases, plenty of people will fall victim.

So how can you keep yourself safe? Spam filters are an ideal natural starting point, and most email systems have one in place, but they are never foolproof.

Likewise, staff awareness training is a great way of teaching staff to spot the signs of a phishing email, but again, that’s not something you can rely on. Staff can easily forget what they’ve learned in heat of the moment – especially when scams are designed to elicit a sense of urgency, as was the case here.

You must instead combine both of those with an ongoing culture of security in your workplace. Remind employees regularly about the threat of phishing, encourage them to speak to a colleague if they’re unsure about the legitimacy of a message, implement technologies to mitigate the threat of an infection – such as file scans whenever you download something.

Phishing prevention shouldn’t ever be left to one person or one solution. It takes the organisation working as a whole to keep everyone safe.


Written by Luke Irwin, writer for IT Governance