Following the appearnce of malware masked as files about coronavirus, phishing e-mails that exploit the very same epidemic have been floofing inboxes.
The emails have the form of letters that appear to come from the Centers for Disease Control and Prevention, which is a real organization in the United States, and they do recommend some actions regarding the coronavirus. The e-mails also come from a convincing domain, cdc-gov.org, whereas the CDC’s real domain is cdc.gov.
The letters claim that the CDC has “established a management system to coordinate a domestic and international public health response” and urge recipients to open a page that allegedly contains information about new cases of infection around their city. The link appears to point to the legitimate CDC website: cdc.gov.
The website looks similar to Microsoft Outlook’s interface — and requests an e-mail login and password. Of course, the website has nothing to do with Outlook; it’s just a page crooks built to steal e-mail credentials. It won’t log you in anywhere, but it will forward your login and password to the criminals, who will later use them to access your e-mail account and look for anything worth stealing in there.
To avoid getting hooked, pay attention to details:
- The e-mail address of the sender. If it ends with cdc-gov.org instead of cdc.gov, the e-mail is phishing.
- The actual URL of the link. If you hover over the link without clicking on it, you’ll see that the real address it leads to is different than the link description. It won’t really bring you to cdc.gov.
- The design of the phishing page. The official Microsoft Outlook website actually looks completely different. Of course, no website other than Microsoft’s should ask for your Outlook credentials. If you see such a request, know that it’s phishing and ignore it.
In any case, since this is is phishing, so don’t click any links, download any attachments, or enter any credentials.
Another phishing e-mail also appeared to be sent from the CDC. This e-mail urged recipients to donate Bitcoin to fund coronavirus vaccine research.