SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Email Security
#
Phishing
'Social engineering at scale': Phishing attacks milk COVID-19
Wed, 8th Apr 2020
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Researchers at cybersecurity firm Proofpoint have published details of some of the most prevalent phishing attacks related to the COVID-19 coronavirus – and attackers are using false cash stimulus ‘promises' as bait.

Genuine cash stimulus packages from governments and banks are common while COVID-19 damages people and economies – and cybercriminals have seen the potential, as they have impersonated these institutions – and even the World Health Organization (WHO) itself.

In one case, a phishing campaign targeted at tech and IT firms worldwide claims to come from the WHO and the International Monetary Fund (IMF). It says the recipient has been ‘randomly selected' for financial compensation due to COVID-19. To claim their funds, they must view and print the attached document.

The email contains a malicious Excel-branded attachment, called COVID-1918-COMPENSATION.html, that asks for a username and password when opened. Attackers have then collected those usernames and passwords.

In another case, attackers have impersonated a major Australian newspaper to trick recipients into clicking an attachment with an embedded URL that then spoofs a OneDrive login page.

According to Proofpoint researchers, the email claims that the “Government has released its stimulus package in response to the Coronavirus outbreak” and encourages the recipient to open the malicious attachment for more details.

When users click the link, a spoofed OneDrive login page collects user information.

Proofpoint researchers comment that the emails are actually delivered by “Romanian top-level domain address of “.ro.” To appear authentic, the message includes supposed contact information for the paper and notes that they are “…happy to advise that we have now moved back to” the address provided. It's notable that the address in the email does not match the newspaper being spoofed.

In a third case, attackers targeted US healthcare and higher education institutions in a campaign claiming that the Trump administration may send US adults a check for $1000 to stimulate the economy.

That, however, is false – as people who click the link are taken to a phishing page that asks for domain/username, email address, and password.

“The messages are notable for its crude design, as the message has clear grammar and usage errors and uses a basic webpage clearly branded by a free website maker for its credential phishing,” say Proofpoint researchers.

The researchers say that the wider implications of these phishing attempts show that attackers are using ‘social engineering at scale'. Researchers believe the attackers will continue to change their attack strategies to keep up with news about COVID-19.

Related stories
Mandiant unveils latest M-Trends 2024 cybersecurity report
Legit Security announces strategic partnership with GuidePoint Security
'Junk gun' ransomware: New low-cost cyber threat targets SMBs
Healthcare sector's cybersecurity confidence misplaced, warns Kroll report
Gartner survey reveals challenges in zero-trust strategy implementation
Top stories
Cradlepoint launches rapid-deploy secure network solution NetCloud SASE
KnowBe4 to acquire Egress for enhanced AI-driven cybersecurity
New ITW Global Leaders Forum code targets international voice fraud
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI