How is the Zika virus being used to target peoples' identities?
Scammers are using a deadly international outbreak as a way to trick people into downloading malware onto their systems(1).
The Zika virus has affected people all over the world, and playing on the fear that more will be infected is how hackers are infiltrating devices. The email is not a typical phishing scheme, but more complex and therefore more dangerous.
How is Zika being used?
The World Health Organisation released some key facts about the Zika virus, which outline the symptoms that the infected experience as well as how the disease is spread(2). Transmitted by the Aedes mosquito and originating most recently in Brazil, sufferers will feel headaches, muscle and joint pain, skin rashes and conjunctivitis among other illness(2). It comes as no surprise that people are quick to jump at any opportunity that might help to rid themselves of the virus, or the threat of being infected.
That is how the scammers are operating. According to an article from Symantec, one of the first cases of malicious spam was targeted at Brazilians, citing information from a legitimate local health website called Saude Curiosa(1). The email has additional buttons and links that catch the attention of readers, including "Eliminating Mosquito! Click Here!" and "Instructions To Follow! Download!"(1).
When users try to access these, they are redirected to a Dropbox page, which attempts to download the JS.Downloader onto the system, enabling further malware to be installed(1). Once this has occurred, a user's identity could be at risk as malware sits dormant on a device until it can attack data to send to the hacker. Data such as passport information, credit card details and social media accounts.
JS.Downloader is a Trojan that was first detected by Symantec Security Response on October 27, 2003(3). The nature of the virus is that once it is installed on your system, in the case of the Zika scam through the Dropbox page, it installs and executes further malware and requires removal with a virus scanner(4).
Criminals taking advantage of current events
This is certainly not the first time that hackers have attempted to use a serious worldwide issue in an attempt to scam people out of their money.
The Federal Bureau of Investigation reported on January 13, 2010 that there was a risk of fraudulent activity surrounding the Haitian earthquake of only a few days earlier(5). With this particular scam, people were asked to donate money to an organisation posing as providing charitable aid to the Haiti earthquake relief appeal(5).
The Australian Competition and Consumer Commission (ACCC) reported that in 2014, people in the country lost $28 million to online dating scams(6).
"Your personal data is a valued commodity – and one that you cannot put too high a price on when it comes to protecting it," said Delia Rickard, ACCC deputy chairperson.
"Unfortunately, scammers also recognise the value of your personal information and will go to great lengths to steal it."
Protecting yourself in every way
Attackers are becoming more and more aware of how to compromise a system, even with diligent users at the helm. In order to stop this from happening, it is important that users are aware of possible angles that these hackers could take.
Symantec suggests that for any information about the Zika virus outbreak, users visit the World Health Organisation website(1). Further, in order to stop phishing scams make sure that any unsolicited emails are deleted immediately, and any links included in these emails should not be followed(1).
If there has been a suspected breach of your system, contact Identity Watch today to find out about what services could help you to protect your sensitive information.
1. Symantec. Accessed February 2016.
2. World Health Organisation. Accessed February 2016.
3. Symantec Security Response. Accessed February 2016.
4. Symantec Security Response (2). Accessed February 2016.
5. Federal Bureau of Investigation. Accessed February 2016.
6. Scam Watch. Accessed February 2016.