Lawyers at Mayer Brown are urging internet users to be aware of proliferating Covid-19 phishing scams. 

“As Covid-19 spreads around the world, so are phishing scams or the infection of computer systems with malware through phishing emails and websites that appear to be related to the coronavirus,” says Gabriela Kennedy, a partner in the firm’s Hong Kong office. “These phishing scams are spreading fast across the world and capitalize on the widespread panic that seems to have gripped the general public. In the face of this new emerging cyber threat, it is crucial that businesses are aware of the risks they face and implement the necessary cybersecurity safeguards.”

Kennedy, writing in a client alert, says that coronavirus-related phishing scams take different forms and use different mediums. 

“One of the most common forms is the use of phishing emails. For example, cybercriminals impersonating medical experts such as virologists or officials from the World Health Organization have been sending phishing emails containing malicious links or attachments which purport to provide information on how to protect oneself from the coronavirus. Unsuspecting users who click on the links or access the attachments open their systems to a malware attack which may result in the infiltration of the connected network, theft of personal information or the entire system being rendered inoperative,” she writes. 

Hau Yeo Cheng, an associate in the IP & TMT practice in Mayer Brown’s Singapore office, says that another common form of phishing takes place when fraudulent websites containing malicious links are set up. “Such websites clone the websites of well-known organizations – for example, a healthcare company or a government website. These websites may then contain a link to a downloadable file, which purports to contain useful information relating to the coronavirus but instead contains malicious codes.”

Cheng says that phishing websites may also trick users into providing certain personal or confidential data in return for information or useful items related to the coronavirus (e.g. face masks). The types of user data commonly targeted include ID numbers, banking information, credit card details, account passwords or any other types of data which may facilitate identity theft. The stolen data is typically traded or sold on the dark web. 

“It appears that the number of coronavirus-related phishing websites is increasing: research1 conducted by Check Point Research revealed a recent surge in the number of registrations of domain names associated with the coronavirus,” Kennedy says. “If in doubt, check the domain name for the fraudulent website, and you will immediately spot a misspelling of the domain name for the official website.”

More information about coronavirus phishing scams, including advice from Kennedy and Cheng on how to combat such scams, is available on the Mayer Brown website.

Gregory Glass