The already traditional SCAM campaign, active for years, has always been adapting to the circumstances in order to maximize its probability of success.

These emails usually send us threats of a different nature that will become a reality if we do not agree to the immediate payment of an amount of money in some cryptocurrency (generally Bitcoins).

Sometimes they threaten us with making our data public, other times they tell us that we have been caught visiting illegal websites, etc. In some cases the threats go beyond dark brown, such as when they indicate that they have planted a bomb in our office or that they will implicate us in false causes of pedophilia, etc.

The current world situation generated as a result of the Covid-19 Coronavirus is being massively exploited by cybercriminals. To the tens of thousands of domains that we already have on the blacklist related to Covid-19, now a curious new form of SCAM is added, disguised as a request for an Economic Donation for the WHO, with the aim of delving into scientific research by regarding the virus.

In the image you can see a real sample, where donations are requested to the crypto wallet 16gmYrbqMr4SZeA7SqNVmirhnhDG3maYPK, which has already been reported as fraudulent.

There are police forces that pursue this type of fraud and extortion, placing special vigilance on the activity of cryptocurrency wallets, which are traceable when conversions are made to real currency, shipments of goods purchased with them, etc.

This fact, well known by cybercriminals, is being used by them when they want to harm a third party: to do so, they find out what the victim's cryptocurrency wallet is, which will surely be totally legal and clean, and include it as a destination of payment in a new shipment of SCAM!!!!

In this way, all suspicions will fall on the victim, and their wallet, which will be reported as fraudulent, will have serious problems from that moment on for all kinds of movements, to the point of being able to render it almost useless in many places .

We are detecting cases of this type in SCAM+Coronavirus campaigns. Iberlayer Email Guardian does not report cryptocurrency wallets, but it does block emails containing reported wallets.