Cyber Alert: Coronavirus Outbreak Used as Lure in Phishing Campaigns

The information contained in this alert is designated TLP:WHITE, subject to standard copyright rules, and may be distributed without restriction.


The NTIC Cyber Center is providing this alert to inform members of multiple active phishing campaigns targeting end users within the United States and the United Kingdom. These campaigns attempt to lure recipients into clicking on malicious links or opening malware-laden attachments by exploiting fears surrounding the 2019 novel coronavirus outbreak.

One campaign was observed distributing emails masquerading as official correspondence from the Centers for Disease Control and Prevention's (CDC) Health Alert Network. According to cybersecurity firm KnowBe4, these emails claim that the CDC "has established an Incident Management System to coordinate a domestic and international public health response" and attempt to lure victims into clicking the embedded link that is labeled as an updated list of novel coronavirus cases.


(Image Source: KnowBe4)


A second campaign, discovered by security firm Mimecast, pretends to originate from a doctor who is a coronavirus specialist. The emails try to trick recipients into downloading a malicious PDF file by claiming it contains "safety measures" to prevent the spread of the novel coronavirus.


(Image Source: Mimecast)


These, like many other phishing campaigns, use fear to manipulate victims into performing actions that are not in their best interests. Victims who click on the embedded links in these emails or open associated attachments put themselves at high risk of a malware infection and data theft, as these tactics are commonly used to steal sensitive data such as account login credentials and to distribute ransomware and information-stealing malware such as Emotet. The NTIC Cyber Center assesses with high confidence that cyber threat actors will continue to exploit the 2019 novel coronavirus outbreak to craft and execute social engineering campaigns for as long as the virus remains a threat to the global population.


RECOMMENDATIONS The NTIC Cyber Center recommends all readers remain vigilant for phishing attempts exploiting the 2019 novel coronavirus outbreak, avoid opening unexpected emails, and refrain from clicking on links and opening attachments from unknown or untrusted sources. If you receive these or similar emails in your work email account, be sure to notify your IT security team immediately.

The information contained in this alert is designated TLP:WHITE, subject to standard copyright rules, and may be distributed without restriction.

The NTIC is governed by a privacy, civil rights, and civil liberties protection policy to promote conduct that complies with applicable federal, state, and local laws. The NTIC does not seek or retain any information about individuals or organizations solely on the basis of their religious, political or social views or activities; their participation in a particular noncriminal organization or lawful event; or their race, ethnicities, citizenships, places of origin, ages, disabilities, genders, or sexual orientations. No information is gathered or collected by the NTIC in violation of federal or state laws or regulations.