Tweet
New research from Proofpoint has revealed that cybercriminals are using social engineering lures related to various coronavirus stimulus packages around the world to trick users into clicking on malicious links or downloading files with malware.
One such campaign in the US is targeting US healthcare and higher education organizations as well as companies in the technology industry with emails that contain a message claiming that the Trump administration is considering sending American adults a check to help stimulate the economy. The email asks recipients to verify their email account through a malicious link that directs them to a phishing page.
Another campaign discovered by Proofpoint claims to be sent by a major Australian newspaper and uses the subject line āGovernment announces increased tax benefits in response to the Coronavirusā in its emails. However, the message contains a PDF attachment with an embedded URL that leads to a OneDrive credential phishing page.
[ul]
[li]Beware these new coronavirus email scams[/li][li]Hackers use Covid-19 āspecial offersā to spread malware[/li][li]āCorona antivirusā infects victims with malware[/li][/ul]
Proofpoint also observed a small email campaign that targets technology and IT organizations with the subject line āCOVID 19 : Relief Compensationā. The campaign claims to come from the WHO and IMF and says the recipient has ābeen randomly selected to be compensated financially due to the outbreak of the COVID-19 Epidemic outbreakā. Once again though, the email contains a malicious Microsoft Excel branded attachment that steals usersā emails and passwords.
Credit card attacks
In addition to the other campaigns Proofpoint discovered, the cybersecurity firm also found two that try and steal usersā credit card numbers.
The first one is a small email campaign that tries to steal user IDs, passwords and credit card numbers. It targets information security and technology organizations with the subject line āClaim Your Covid-19 Cashā. To help increase its credibility, the campaign claims to come from a major US credit card company and promises to waive late fees and issue a credit of up to $5,000. The emails sent in the campaign also contain a āClaim Nowā link that takes recipients to a spoofed page for the credit card company that attempts to steal their ID, password, email credit card and other details.
The second email campaign is much larger and primarily targets the manufacturing, technology and transportation industries as well as healthcare, aerospace, retail, energy, business services and hospitality companies. The campaign claims to be from a major UK bank with global customers and also spoofs their branding. The emails sent out by the cybercriminals behind it have a subject line which reads āCOVID-19 Relief Measures : FINANCIAL SUPPORT WITHā and names the bank.
To trick users into clicking on a malicious link, the email offers 300 Singapore dollars and tells the recipient to āStart Hereā to claim the money. However, the link then takes users to a spoofed page for the bank that asks for their name, address and credit card number.
In a blog post detailing these various campaigns, the Proofpoint Research Team explains that we will likely see the cybercriminals behind them continue to modify their strategies, saying:
āThe ongoing shift to coronavirus-themed messages and campaigns is truly social engineering at scale and these recent payment-related lures underscore that threat actors are paying attention to new developments. We anticipate threat actors will continue modifying their strategies as the news surrounding COVID-19 shifts.ā
[ul]
[li]Weāve also highlighted the best antivirus software[/li][/ul]
Continue readingā¦
One such campaign in the US is targeting US healthcare and higher education organizations as well as companies in the technology industry with emails that contain a message claiming that the Trump administration is considering sending American adults a check to help stimulate the economy. The email asks recipients to verify their email account through a malicious link that directs them to a phishing page.
Another campaign discovered by Proofpoint claims to be sent by a major Australian newspaper and uses the subject line āGovernment announces increased tax benefits in response to the Coronavirusā in its emails. However, the message contains a PDF attachment with an embedded URL that leads to a OneDrive credential phishing page.
[ul]
[li]Beware these new coronavirus email scams[/li][li]Hackers use Covid-19 āspecial offersā to spread malware[/li][li]āCorona antivirusā infects victims with malware[/li][/ul]
Proofpoint also observed a small email campaign that targets technology and IT organizations with the subject line āCOVID 19 : Relief Compensationā. The campaign claims to come from the WHO and IMF and says the recipient has ābeen randomly selected to be compensated financially due to the outbreak of the COVID-19 Epidemic outbreakā. Once again though, the email contains a malicious Microsoft Excel branded attachment that steals usersā emails and passwords.
Credit card attacks
In addition to the other campaigns Proofpoint discovered, the cybersecurity firm also found two that try and steal usersā credit card numbers.
The first one is a small email campaign that tries to steal user IDs, passwords and credit card numbers. It targets information security and technology organizations with the subject line āClaim Your Covid-19 Cashā. To help increase its credibility, the campaign claims to come from a major US credit card company and promises to waive late fees and issue a credit of up to $5,000. The emails sent in the campaign also contain a āClaim Nowā link that takes recipients to a spoofed page for the credit card company that attempts to steal their ID, password, email credit card and other details.
The second email campaign is much larger and primarily targets the manufacturing, technology and transportation industries as well as healthcare, aerospace, retail, energy, business services and hospitality companies. The campaign claims to be from a major UK bank with global customers and also spoofs their branding. The emails sent out by the cybercriminals behind it have a subject line which reads āCOVID-19 Relief Measures : FINANCIAL SUPPORT WITHā and names the bank.
To trick users into clicking on a malicious link, the email offers 300 Singapore dollars and tells the recipient to āStart Hereā to claim the money. However, the link then takes users to a spoofed page for the bank that asks for their name, address and credit card number.
In a blog post detailing these various campaigns, the Proofpoint Research Team explains that we will likely see the cybercriminals behind them continue to modify their strategies, saying:
āThe ongoing shift to coronavirus-themed messages and campaigns is truly social engineering at scale and these recent payment-related lures underscore that threat actors are paying attention to new developments. We anticipate threat actors will continue modifying their strategies as the news surrounding COVID-19 shifts.ā
[ul]
[li]Weāve also highlighted the best antivirus software[/li][/ul]
Continue readingā¦