Beware of scams in connection with COVID-19



Scammers have devised numerous ways of defrauding people in connection with COVID-19. Scam themes linked to COVID-19 include treatment, testing, medical supplies, insurance, charity, work from home, investment, student loan, and disinformation.

The SonicWall Capture Labs Threat Research team has come across the scams below this week in connection with COVID-19.

IRS economic impact payment scam:

The Internal Revenue Service (IRS) will begin to distribute COVID-19 Economic Impact Payments in a matter of weeks. For most Americans, this will be a direct deposit into their bank account. The unbanked, the elderly and other groups that have traditionally received tax refunds via paper check will receive their economic impact payments by paper check as well.

The malicious campaign below involves government relief payments. It claims to come from the IRS and asks the user to verify the account number in the attachment. The attachment, “Attached doc.iso”, is actually a malicious ISO file that drops a remote access trojan onto the user’s machine.



Bank payment relief notice scam:

The phishing campaign below targets customers of Absa, an Africa-based financial services group. It claims to be a notice of a payment relief plan for COVID-19, but the attached document is an HTML file which, when launched, takes the user to a phishing webpage posing as Absa internet banking.

Medical supply scam:

The campaign below targets medical supply businesses. It asks the supplier to provide the products specified in the attachment, but the attached document is not a PDF file. It is a malicious executable belonging to the Agensla malware family, which steals credentials from the victim’s browser, FTP and email clients.

Phishing Scam:

The phishing campaign below claims to come from the CDC, stating that it is closely monitoring the intellectual property landscape while responding to the COVID-19 outbreak across the Asia-Pacific region. The link to COVID-19 updates in the email leads to a phishing page pretending to be Spruson & Ferguson’s COVID-19 website. This phishing scam is not affiliated with Spruson & Ferguson, and they are in no way responsible for cyber criminals purporting to be them.

Find the legitimate page of Spruson & Ferguson for COVID-19 updates here

Phishing emails look like legitimate company emails and are designed to steal your information. They usually contain a link to a website that will ask for your login credentials, personal information or financial details. These websites are cleverly designed to take your information and pass it back to the cybercrooks behind the scam.

  • Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes.
  • Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
  • Check the websites and email addresses offering information, products, or services related to COVID-19.
  • Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating.
  • For the most up-to-date information on COVID-19, visit the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) websites.
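
The three attachment tricks described above (an ISO image, an HTML attachment, and an executable presented as a PDF) can be caught by inspecting file content instead of trusting the file name. The sketch below is an added example, not SonicWall code; the function names, the quarantine reasons, and every sample file other than the name “Attached doc.iso” are assumptions made for illustration.

```python
# Added example: triage e-mail attachments by content, not by file name.
# All sample bytes below are constructed for illustration; none are real malware.

ISO_MAGIC_OFFSET = 0x8001  # ISO 9660 volume descriptor carries "CD001" here
HTML_MARKERS = (b"<!doctype html", b"<html", b"<form", b"<script")


def sniff_type(data: bytes) -> str:
    """Identify the file type from its magic bytes."""
    if data[:2] == b"MZ":
        return "pe-executable"
    if data[:5] == b"%PDF-":
        return "pdf"
    if data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + 5] == b"CD001":
        return "iso-image"
    head = data[:1024].lower()
    if any(marker in head for marker in HTML_MARKERS):
        return "html"
    return "unknown"


def triage(filename: str, data: bytes) -> list[str]:
    """Return the reasons to quarantine an attachment (empty list = no finding)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_type(data)
    reasons = []
    if kind == "pe-executable":
        reasons.append("executable content")
    if kind == "iso-image" or ext in {"iso", "img"}:
        reasons.append("disk image attachment")
    if kind == "html" or ext in {"htm", "html"}:
        reasons.append("HTML attachment (possible local phishing page)")
    if ext == "pdf" and kind != "pdf":
        reasons.append(f"named .pdf but content is {kind}")
    return reasons


# Constructed samples; every name except "Attached doc.iso" is hypothetical.
SAMPLES = {
    "Attached doc.iso": b"\x00" * ISO_MAGIC_OFFSET + b"CD001\x01\x00",
    "order_list.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    "payment_relief.html": b"<html><form action='#'></form></html>",
    "leaflet.pdf": b"%PDF-1.7\n%constructed benign sample\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name!r}: {triage(name, blob) or 'no finding'}")
```

Magic-byte checks of this kind are a first-pass filter only: they flag the delivery format and do not judge whether the content is malicious.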

SonicWall Capture Labs Threat Research team provides protection against this threat with the following signatures:

GAV: Casur.A_9 ( Trojan )
GAV: Adload.A_220 ( Trojan )
GAV: MalAgent.H_16053 ( Trojan )
