Ministry of Defence - Sri Lanka

Are cyber criminals exploiting Corona pandemic for malicious purposes?

April 27, 2020

The COVID-19 outbreak has become an unprecedented global pandemic that is threatening every aspect of human life, our security and, most of all, our livelihoods. There are also other unconventional threats in the form of cybercriminal activities. This article focuses on what we know as hacking by criminals looking to exploit and take advantage of the Corona factor.

What is the risk?

At this moment in time, every nation is implementing preventive measures, including a curfew and social isolation that restrict the normal lifestyles of the people, and the use of the internet is at the highest level. Mostly, people are having to work from home and keep in touch with the outside world. That exposes everyone online to cybercrimes while the world is busy trying to counteract the effects of the Corona virus. It makes us all vulnerable and presents the hackers with an ideal opportunity to exploit the Corona pandemic for malicious purposes. Using their skills and knowhow, the hackers follow everything we do online now, as much as they have done before.

The World Health Organization (WHO) recently issued warnings about suspicious email messages designed to take advantage of the Covid-19 emergency. The message, which included an attachment, claimed to have details about how recipients could prevent the spread of the virus, but the attachment did not contain any useful advice; instead, the email was meant to infect computers with malicious software called AgentTesla Keylogger. In addition, there were several fake "diagnosis" scams as well. Therefore, any tools that promise to test you for Corona virus online should not be trusted. Instagram has already banned rogue Coronavirus filters that claim to "diagnose" your condition. Security experts have labelled the new trend “Fearware”, warning that victims may be more susceptible to being tricked or scammed during times of global uncertainty.

The airborne virus scam was another, designed to instil fear in people by claiming that the rates of transmission of Coronavirus will increase, and so make them insecure. The scam resembles an email from the Centres for Disease Control and Prevention (CDC), faked with their correct email address to make it look genuine and sent via a spoofing tool. The cyber criminals redirected the email recipients who clicked on the link to a fake login page where the user was asked to enter their email and password. ‘Donate here to help the fight’ is another scam, asking for donations to develop a vaccine with a request to make payments in the cryptocurrency Bitcoin.

It is interesting to note that Covid-19 scams are not being used by criminals just for monetary gain; hackers have also created fake Coronavirus maps to spread malware. According to another interesting report, a malicious Android application has appeared as a Covid-19 tracking map from Johns Hopkins University, with hidden password-stealing malware, AZORult. However, according to the National Fraud Intelligence Bureau (NFIB), the majority of reports were scams related to online shopping, where people had ordered protective face masks, hand sanitiser, and other products that were never delivered. To avoid being conned, NFIB has advised people not to panic when doing online shopping, to be alert, and to take time to read reviews of the site before proceeding with an order.

Corona is a visible threat; cyber-criminal is an invisible threat  

The Corona virus has the characteristics of a silent killer and a threat just like a hacker, but unlike a hacker the location of the Corona virus is traceable. They both have the capacity to inflict unimaginable damage to humans beyond boundaries without causing structural damage. That makes the Corona virus and the malware spread by the hackers the biggest threat to global wellbeing, and its impact on the global economy, livelihoods and lifestyles is difficult to assess. That makes us all vulnerable and risk being easy prey to hackers, scammers, and spammers who will not waste any time in catching us off guard.

Every one of us, as individuals, organisations and state institutions, needs to be alert to this threat and be extra vigilant to protect ourselves from unauthorised access to protected data including health records, bank accounts and credit/debit cards, mobile numbers and other sensitive information held by the relevant organisations. It is incumbent on them to put in place additional measures to deny access to any personal data that they hold. The hackers offer stolen data to third parties, advertising agencies, marketing and sales promotions agencies in return for large sums of money. They also use stolen data to blackmail and persecute individuals and organisations, demanding ransom payments. Widespread fraud is common practice in the hacker’s world.

According to the Identity Theft Resource Centre, one of the top three reasons for major data breaches is employee error and negligence, unauthorised access to protected data, and unrestricted access to remote communications technology to employees without proper vetting procedures in place prior to recruiting. The demand for prompt action in the working environment and busy daily lifestyles attract the attention of malicious actors, who know that people will unwittingly open spam emails that look convincing, and that allows malware or ransomware to be implanted in the user’s computers, or even mobile devices.

The sudden increase in remote working makes organisations more vulnerable to a new set of cyber security risks, and given that communication and data transmission happen entirely online, the hackers find it easier to trick the vulnerable groups to gain access to digital systems. Even with the extra precautions that the employees might take, their vulnerability to unauthorised intrusions via malicious emails will be greater because the verbal verification of emails received from colleagues is affected by remote working. Also, access to the internet via home broadband or the network systems has inbuilt risks unless the system itself is protected by reliable firewall software (or VPN) giving added protection, as is the case in organisations.

Phishing is a type of invisible cyberattack, usually delivered by email, in which scammers send malicious messages that appear to be from a trusted source with the intention of confusing the recipient in an effort to either obtain login details or infect the user interface with malware, or both. The scammers do this by including a link or attaching an infected file to the message. Scammers also frequently use texts (Smishing) or voice calls over the phone (Vishing) to hassle and threaten the public and lure them for fraudulent purposes. In the prevailing Corona affected circumstances and the imposition of curfew, the public is having to depend on shopping using online services, rather than conventional methods, more than ever before. This requires the buyers to become alert to potential cyber intrusions, and the buyer should carry out online checks for authenticity of the products and credibility of the vendor, especially the person or the company name and contact details, not just the address but also the phone number and email address, before placing the order.

Another online fraud is to obtain money through donations to fake charities online. The Corona pandemic is an ideal opportunity for the fraudster to trick the public by appealing for donations to a good cause. Therefore, anyone wishing to make a donation could be in for a surprise when the generous contribution made has fallen directly or indirectly into a scammer’s accounts. One particular method used by scammers is cloning the title of registered charities, and it is for that reason that checks should be carried out before making online donations to ensure the funds go to the genuine beneficiary.

The country is in total lockdown and people are confined to their own homes in order to avoid further spread of the virus. The educational institutions are closed and those continuing academic work are having to rely on virtual platforms to progress academic work including the exchange of email. This will inevitably lead to a higher frequency of use and a larger volume of data transmitted using mobile phones, laptops, desktop computers, portable tabs and mobile broadband equipment, and the use of the telephone networks and the internet place the user in a high risk situation. It is not difficult to be deceived by rogue emails resembling a genuine email originating from a known sender, and to steal credentials of the recipient by linking to a faked log in page. Although mostly emails could be filtered and removed as spam by standard firewall software, those carrying aggressive malware will get through to cause serious damage to the system and compromise personal information held in the system in use. Therefore, it is important to maintain constant vigilance and increased awareness of the threats of phishing attacks.

What should be done to prevent cyberattacks and remain secure online?

The task force set up by the government, including the ministry of health, issues health advice and guidance on the ways to avert the spread of the Corona epidemic. One of the important preventive measures is to cleanse and sanitise hands to avoid contamination from the virus. This advice is also repeated by the cyber security experts, stressing that computer users must be aware of the risks when downloading email attachments from unknown sources.

The must-do rule is to validate the authenticity of the email and the sender, and the must-not-do rule is opening the email. The best way to avoid inadvertently opening the email is to hover your mouse cursor over the email and see whether it has come from a genuine organisation or a person; if in doubt, do not open it.

Here are a few tips you need to follow when you work from home. Cybercriminals use emergencies such as COVID-19 to get people to make decisions quickly. Therefore, do not make hasty decisions because if you did, it would be too late to undo it. Always take your time and think twice about a request for your personal information. However, if you believe that your credentials such as your username or passwords were compromised by the cybercriminals, immediately change your credentials on each site you had used.

Ensure all the devices used, including the internet routers, are up to date with anti-virus software, and run regular updates to ensure the laptops and PCs have the latest firewall protection against emerging malware. Always use secure and known internet connections, and download or install any special software needed only from trusted sources. Hackers often set up Uniform Resource Locators (URLs) that resemble real websites, to harvest passwords. Therefore, verify the URL of any website before you proceed. It has been revealed that there have been a number of Corona virus related domain name registrations recently. To protect yourself from phishing attacks online, users need to be extra vigilant. If you have any questions about the validity of an internal company email, do not hesitate to contact the sender before making any transactions or changed payment instructions.
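As an added example (not part of the original article), the Python function below shows what "verify the URL" can mean in practice: it compares a link's real host against an allow-list and reports the usual lookalike tricks. The allow-list of `who.int` and `cdc.gov`, the 0.8 similarity threshold and the lure words are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allow-list for illustration: official sites of the bodies named above.
TRUSTED = ("who.int", "cdc.gov")
THEMES = ("covid", "corona")  # lure words in pandemic-themed registrations

def squash(name):
    """Drop separators so 'cdc-gov' and 'cdc.gov' compare as equal."""
    return name.replace("-", "").replace(".", "")

def check_url(url):
    """Return [] for a trusted HTTPS URL, otherwise a list of warnings."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before '@' is login data, not the site the browser connects to.
        warnings.append("userinfo-before-host")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return warnings
    warnings.append("host-not-on-allow-list")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        warnings.append("internationalised-name")
    for t in TRUSTED:
        if t in host:
            warnings.append(f"embeds:{t}")
        elif any(SequenceMatcher(None, squash(label), squash(t)).ratio() >= 0.8
                 for label in labels):
            warnings.append(f"resembles:{t}")
    if any(word in host for word in THEMES):
        warnings.append("pandemic-themed-name")
    return warnings
```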

Confidential means exactly that. Therefore, employees should always remember that the same care should be taken when working remotely as you would take if you were in the office. A personal email should not be used for any company business.

Companies also have a role to play. They should put in place a communication mechanism to stay in touch outside company hours, in case of an emergency arising from a cyberattack (malware, ransom, DDoS or other types). Furthermore, they can also set up controls that mitigate risks, such as restricting access to employees working off site. It is also a good practice to encourage employees to report anything that looks suspicious to the company in order to increase awareness amongst the staff.



  Vibhushnie Bentotahewa- BA (University of Colombo-Sri Lanka), MA (University of Buckingham- UK) is currently pursuing her PhD in Cyber Diplomacy at Cardiff Metropolitan University- UK. Her research interests are nation state attacks, Regulations and laws affecting cyber security.


  Dr Chaminda Hewage- BSc Eng. (Hons) (Ruhuna), PhD (Surrey-UK) is an Associate Professor in Data Security at Cardiff Metropolitan University-UK. He is an expert in data security and research on human/social factor and emerging threats in cyber security. He is the principal investigator of a number of research projects looking at various frontiers of cyber security.



-The Ministry of Defence bears no responsibility for the ideas and views expressed by the contributors to the Opinion section of this web site -