UPDATED 00:28 EDT / MAY 23 2017

Hackers use WannaCry ransomware news to trick users into installing malware

Hackers are using news coverage of the spread of the WannaCry ransomware to trick people into installing malware pretending to offer a patch to prevent infection.

First detected in the United Kingdom, the phishing campaign pretends to be from BT Group plc, the company formerly known as British Telecom, which is still the country’s largest Internet service provider post-privatization. The campaign claims, in what is described as a “very convincing email,” that BT has launched preventative measures to protect user data. Users are asked to click on a “confirm security upgrade” button to re-establish full access to a BT account that the email claims has been restricted following the WannaCry outbreak.

“Fraudsters are using the global WannaCry ransomware attack as a hook to try and get people to click on the links within this clever BT branded phishing email,” the Derby City Council said in a statement reported by ITV. “Action Fraud have received several reports of this very convincing email that claims BT have launched preventative measures to protect your data on an international scale. After analyzing the email, the domains appear very similar and this could easily catch out those who are concerned about the security of their data after the global attack.”

The fact that hackers are using the WannaCry news to trick users into installing unrelated malware does not come as a surprise to security experts. Mike Wyatt, a threat researcher at security firm RiskIQ Inc., told SiliconANGLE that threat actors know how to get people to click on their links, and WannaCry is a perfect example of how they do so.

“To get people’s attention, they will often leverage breaking news, holidays, and events that drive news cycles in their threat campaigns—including high-profile security risks like WannaCry,” Wyatt said. “With the media hysteria around the attack stoking users’ fears of having their network locked until they pay a bitcoin ransom, threat actors may send emails that tap into that fear. For example, it could be fake antivirus software that purports to protect them from WannaCry, or even emails saying they’ve been infected and offering help once they provide data or click on their malicious link.”

Wyatt notes that the use of legitimate company names, such as in this case, BT, is a “very bad thing” because even though the companies have nothing to do with the distribution of the malware, consumers still blame them. “Consumers may even directly associate the legitimate brands with the bad things that happen to them via the fraudulent use of their branded terms, seriously eroding consumer trust.”

As always, Internet users are advised not to open attachments or click links from any unexpected source.
