Kaspersky researchers have discovered a series of spam and phishing attacks seeking to exploit the coronavirus pandemic by targeting people who are waiting on packages.

These scammers often pose as delivery service employees saying that a package has arrived, but to receive it, the potential victim must read or confirm the information in the attached file.

Once the victim opens the attachment, however, malware is downloaded on their computer or phone.

The latter, for instance, includes a backdoor called Remcos onto the device. This malware can turn the PC into a bot, steal data, or download additional malware.

Phishers have also been creating highly believable copies of webpages for popular delivery services as a way to hunt for credentials. Potential victims are encouraged to input their details – such as their email and password – into the website in order to track their packages.

“The unfolding pandemic has created chaos in many industries – including delivery services – and it’s not surprising that cybercriminals would try to use this to their advantage,” says Tatyana Shcherbakova, senior web content analyst at Kaspersky.

“With people regularly receiving notifications about delivery delays or item shortages and without the option to purchase needed items in stores, these types of scams have a high chance of success.

“Even though everyone is anxious to receive their orders, it’s important to always carefully assess where these emails are coming from and make sure the webpage address is correct.”

To avoid falling victim to Coronavirus-themed spam and phishing campaigns, Kaspersky experts recommend:

  • Look carefully at the sender’s address – if it comes from a free e-mail service or contains meaningless characters, it’s most likely fake.
  • Pay attention to the text – well-known companies wouldn’t send emails with poor formatting or bad grammar.
  • Don’t open attachments or click on links in emails from delivery services, particularly if the sender insists upon it. It’s better to go to the official website directly and log into your account from there.
  • Use a reliable security solution.