
'Social engineering at scale': Phishing attacks milk COVID-19

08 Apr 2020

Researchers at cybersecurity firm Proofpoint have published details of some of the most prevalent phishing attacks related to the COVID-19 coronavirus – and attackers are using false cash stimulus ‘promises’ as bait.

Genuine cash stimulus packages from governments and banks are common while COVID-19 damages people and economies. Cybercriminals have seen the potential and have impersonated these institutions, and even the World Health Organization (WHO) itself.

In one case, a phishing campaign targeted at tech and IT firms worldwide claims to come from the WHO and the International Monetary Fund (IMF). It says the recipient has been ‘randomly selected’ for financial compensation due to COVID-19. To claim their funds, they must view and print the attached document.

The email contains a malicious Excel-branded attachment, called COVID18-COMPENSATION.html, that asks for a username and password when opened. Attackers then collect those usernames and passwords.
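A defender-side check for the attachment type described above, as an added example that is not from Proofpoint or the original article: it parses a raw message and flags HTML attachments that contain a password field. The sample message, its filename, addresses and form URL are constructed placeholders.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class FormFinder(HTMLParser):
    """Notes password inputs and form action targets in an HTML document."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.form_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")

def credential_form_attachments(raw_bytes):
    """Return [(filename, form_actions)] for HTML attachments with a password field."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html"
        if not (is_html or name.lower().endswith((".html", ".htm"))):
            continue
        # decode=True undoes base64/quoted-printable; multipart parts yield None
        body = part.get_payload(decode=True) or b""
        finder = FormFinder()
        finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        if finder.has_password_field:
            hits.append((name, finder.form_actions))
    return hits

def build_sample():
    """Constructed sample message; every address, name and URL is a placeholder."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please view and print the attached document.")
    html = ('<html><body><form action="https://collector.example.invalid/post">'
            '<input type="text" name="user"><input type="password" name="pass">'
            '</form></body></html>')
    msg.add_attachment(html, subtype="html", filename="sample-attachment.html")
    msg.add_attachment("plain notes", subtype="plain", filename="notes.txt")
    return msg.as_bytes()
```

Calling `credential_form_attachments(build_sample())` returns the HTML attachment's filename with its form target, which a mail gateway or triage script could use to quarantine the message or route it for review.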

In another case, attackers have impersonated a major Australian newspaper to trick recipients into opening an attachment with an embedded URL that leads to a spoofed OneDrive login page.

According to Proofpoint researchers, the email claims that the “Government has released its stimulus package in response to the Coronavirus outbreak” and encourages the recipient to open the malicious attachment for more details. 

When users click the link, a spoofed OneDrive login page collects user information.

Proofpoint researchers comment that the emails are actually delivered by a “Romanian top-level domain address of ‘.ro.’ To appear authentic, the message includes supposed contact information for the paper and notes that they are ‘…happy to advise that we have now moved back to’ the address provided. It’s notable that the address in the email does not match the newspaper being spoofed.”

In a third case, attackers targeted US healthcare and higher education institutions in a campaign claiming that the Trump administration may send US adults a check for $1000 to stimulate the economy.

That, however, is false – as people who click the link are taken to a phishing page that asks for domain/username, email address, and password.

“The messages are notable for its crude design, as the message has clear grammar and usage errors and uses a basic webpage clearly branded by a free website maker for its credential phishing,” say Proofpoint researchers.

The researchers say these phishing attempts show that attackers are using ‘social engineering at scale’. They believe the attackers will continue to change their attack strategies to keep up with news about COVID-19.
