Certified Public Accountants
& Business Consultants

COVID-19: Themed Cyber Attacks

Contact Our Team

Law enforcement around the world are sending out alerts warning of increased attacks and fraud attempts as the world deals with the COVID-19 pandemic.
April 13, 2020

Law enforcement around the world are sending out alerts warning of increased attacks and fraud attempts as the world deals with the COVID-19 pandemic. The two main variants being used in the attacks are:

  • Ransomware – Pandemic themed emails and websites have dramatically increased as social anxiety has increased. The real atrocity is the criminals are targeting healthcare and first responders.
  • Fraud – Pandemic-themed emails, calls, and other attempts at fraud using the pandemic as a backdrop to increase urgency and take advantage of isolated users. Attacks against state and local government resources have dramatically increased as thieves try and use the pandemic to steal money meant for protective equipment and disaster relief.

General ransomware attacks using pandemic-themed emails and websites are using claims of a cure, treatments and fake charities. The truly disturbing trend is an increase in the attacks on the people and systems on the front line of dealing with the pandemic. These criminals are using similar, but fake, email addresses and compromised email accounts to target healthcare organizations and first responders. These emails seem to come from a legitimate government address and have some time critical information for the recipient convincing them to click a link or open an attachment. The thieves are betting if they can infect a healthcare or first responder organization with ransomware, they will very likely pay the ransom to get their systems back online as fast as possible. These targeted attacks have increased so much the International Criminal Police Organization (INTERPOL) issued a Purple Notice (method of attack warning) to all 194 member countries.

The fraud targeting state and local governments is focused on changing payment information (ACH or wire) to re-route payments to the criminal’s account. Knowing states and municipalities are spending heavily to deal the pandemic, the thieves are redoubling their efforts to scam finance teams and get the money. Referred to as business email compromise by the FBI, these attacks use a combination of fake, or compromised, email accounts requesting urgent changes to the payment routing and may include modified contact information. They impersonate known suppliers, particularly those supplying materials needed for the pandemic. The pandemic also gives them excuses for urgency, inability to request the change in person, and an excuse for not following standard processes. The FBI recently issued a warning about the increase in these kinds of attacks.

Commercial entities are seeing increased attacks as well. The U.S Department of Homeland Security and the U.K. National Cyber Security Center just issued a joint alert about increased attacks using phishing, malware, and impersonation techniques to steal credentials or launch ransomware. The attacks use the pandemic as a backdrop, using fake names to impersonate doctors, government officials, financial institutions or vendors. Successful attacks are used to launch additional attacks against other organizations with the ultimate goal of stealing money or forcing an organization to pay a ransom. 

The best defense against these attacks is awareness and vigilance. Any email coming from an unknown source, out of character for the apparent sender, or urging action to make a change affecting money, click a link or open an attachment is suspect. Unusual, or just out of place, requests for username and password (or personal information) on unfamiliar websites or requests to download and run software are suspect. Make sure to use the official government and support sites to get information about the pandemic and avoid sites with hyped-up information or promises of exclusive information. Remind your staff working from home about these basic precautions and consider reinforcing the information with additional security awareness training.

As always, if you need information or assistance with cyber security, please feel free to contact our RubinBrown Cyber Security team at any time.


Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.


For more information, please contact:

  • Mark Clark, CISSP, CPA, CEH, MBA, MSA
  • Cyber Security Compliance Lead
  • Cyber Security Services
  • 314.678.3581
  • mark.clark@RubinBrown.Com