As organizations in the private, financial, and government sectors take drastic steps to combat the spread of COVID-19, cybercriminals are taking advantage of the chaos. Recently, both the World Health Organization (WHO) and the Federal Trade Commission (FTC) have published warnings related to Coronavirus-related scams in cyberspace. Phishing, in particular, is quite prevalent. Last month, Colleen Tressler of the FTC noted that “fake emails, texts, and social media posts [are used] as a ruse to take your money and get your personal information.” She provided a few tips for identifying scams, such as watching out “for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or experts saying that [they] have information about the virus.” The WHO also provides a few tips to distinguish scam emails from legitimate ones, such as verifying that addresses end with “who.int”, as opposed to something like “who.com” or “who.org.” Phishing scams often try to exploit one’s fear and sense of urgency, which is easier to do during a crisis.

Phishing scams sometimes trick victims into downloading malware, either by opening an attachment or following a link. Last month, David Buxton of Kaspersky wrote about malware disguised as educational resources for combating the spread of the Coronavirus. The types of malware include Trojans and worms. To make matters worse, the malware would use .pdf, .docx, and .mp4 file extensions. We can often be suspicious of executable files (.exe), but in work environments, we almost always trust Adobe Portable Document Format (PDF) and Microsoft Word files.

You may wonder how it is possible for malware to pose as trusted documents. A variety of content, including malicious code, can be embedded in PDFs. In “Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware,” published in 2019 by Institute of Electrical and Electronics Engineers (IEEE) members Davide Maiorca and Battista Biggio, the authors note that “[t]ypically, JavaScript code, encoded streams and embedded objects (e.g., images, ActionScript code) are used to exploit a vulnerability of the PDF reader and subsequently allow execution of remote code” (p. 2). Similarly, Microsoft Word and Excel documents can contain macros, mini programs often used to automate laborious tasks, and these macros can contain malicious code. In general, PDF or Word viruses work by hiding within seemingly legitimate documents and exploiting vulnerabilities within the programs that are used to read them.

While it is important to be aware of biological viruses like COVID-19, it is also important to remain vigilant in cyberspace. The Coronavirus may have already inflicted economic damage to your business. However, in your effort to protect your personal health and the health of your workplace, you shouldn’t allow cybercriminals to inflict even more damage to your business.