Cybercriminals target healthcare workers with coronavirus email scam

Cybercriminal gangs are targeting healthcare professionals with phishing emails about “coronavirus awareness” – part of a wave of scams capitalising on the pandemic.

Sky News has seen a copy of an email scam sent to a number of healthcare organisations that pretends to be from each firm’s internal IT team.

The email – which has the subject “ALL STAFF: CORONA VIRUS AWARENESS” – tells employees that “the institution is currently organising a seminar for all staff to talk about this deadly virus”, asking them to click on a link to register.

Image: The fake email seen by Sky News which has been sent to staff
Victims are taken to a third party website disguised as an Outlook web app
Image: Victims are taken to a third-party website disguised as Outlook Web App

The link takes anyone clicking on it to a third-party website disguised as an Outlook web app. Anyone who fills in that form ends up giving their details to the hackers.

Cybersecurity firm Mimecast’s head of data science Kiri Addison, who uncovered the scam, says the fraud is one of a “steady stream” of phishing emails sent since the coronavirus outbreak started – most likely from “organised cybercriminal gangs” – although she was unable to name the groups involved or the organisations affected.


“There’s so much uncertainty around coronavirus, they’re just going to prey on people’s fears,” she told Sky News.

One of the world's leading microbiologists, Professor Peter Piot, said that COVID-19 was 'much, much worse than Ebola'

COVID-19 ‘much, much worse than Ebola’

Scams taking advantage of COVID-19 have become increasingly common since the beginning of the outbreak.

More from Covid-19

Last week, the National Fraud Intelligence Bureau (NFIB) issued an urgent warning after identifying 21 cases of fraud involving coronavirus in February, including 10 that conned people desperate to buy face masks.

Earlier this week, Mimecast identified another email scam, in which criminals posed as HMRC and offered victims a tax refund.

Other cybersecurity companies also identified threats, such as websites registered with names related to COVID-19, which are used to steal information or infect their devices with malware.

“As the impact of the virus spreads this activity is almost certain to increase in order to take advantage of individual’s fears and their increasing concern at this time,” Carl Wearn, head of e-crime at Mimecast, told Sky News.

Boris Johnson has announced that the UK is movng from a 'contain' phase to a 'delay' phase in its response to the coronavirus epidemic.

Johnson: ‘Worst public health crisis for a generation’

Ms Addison urged people to pay close attention to the provenance of their emails, but admitted that it was hard to stop fraudsters.

“Generally we see people click on links and falling for phishing all the time,” she said. “Phishing is very effective.”


Leave a comment

Your email address will not be published.