The Naval Criminal Investigative Service is warning sailors to be aware of a new crop of online scams sparked by the coronavirus.
Criminals are using concern over coronavirus to conduct new forms of phishing, financial scams and disinformation campaigns over social media in order to collect sensitive information, steal money with fake donation websites and deliver malware to victims, according to a NCIS release.
Since January, several so-called “spear phishing” campaigns have been falsely representing healthcare organizations like the U.S. Centers for Disease Control and Prevention and the World Health Organization, NCIS says.
“In many cases, victims receive coronavirus-themed emails requesting the victim to open an attachment or click on a link to obtain details about the coronavirus,” the NCIS release states. “Once a victim clicks on the attachment or link, they are directed to a malicious website requesting the victim to enter login credentials.”
Law enforcement has also seen campaigns where users receive hoax emails from someone claiming to be a CDC official requesting Bitcoin donations to bankroll an “incident management system” in response to the coronavirus pandemic.
Three military attorneys also face professional misconduct probes, Pentagon officials say.
Last month, Japan-based users received what appeared to be official emails containing information related to coronavirus prevention.
But when the malicious Microsoft Office files were open, they downloaded a sophisticated Trojan malware strain known as Emotet on to the user’s computer, according to NCIS.
NCIS also cites warnings by other U.S. government officials that Russia “is likely behind coronavirus disinformation campaigns that are being spread via social media.”
While no evidence has emerged that the Navy has been targeted, NCIS urges personnel to stay vigilant and use complex and different passwords for different services and to only visit trustworthy sites for news on the pandemic.
Use two-factor authentication when possible and change passwords regularly, they advise.
Scammers also can slightly alter web addresses to make them resemble a legit site, so double check these URLs.
Finally, NCIS advises that you not enter sensitive data and password information into websites that don’t typically request it.