
'Social engineering at scale': Phishing attacks milk COVID-19

08 Apr 2020

Researchers at cybersecurity firm Proofpoint have published details of some of the most prevalent phishing attacks related to the COVID-19 coronavirus – and attackers are using false cash stimulus ‘promises’ as bait.

Genuine cash stimulus packages from governments and banks have become common as COVID-19 damages people and economies, and cybercriminals have seen the potential: they have impersonated these institutions, and even the World Health Organization (WHO) itself.

In one case, a phishing campaign targeted at tech and IT firms worldwide claims to come from the WHO and the International Monetary Fund (IMF). It says the recipient has been ‘randomly selected’ for financial compensation due to COVID-19. To claim their funds, they must view and print the attached document.

The email contains a malicious Excel-branded attachment, called COVID18-COMPENSATION.html, that asks for a username and password when opened. Attackers have then collected those usernames and passwords.
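A mail-filtering check for this pattern, an HTML attachment that carries its own login form, could look like the following. This is an added example, not code from Proofpoint or from the article; the message body text and the form action URL are constructed placeholders, and only the attachment filename comes from the report.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class FormScanner(HTMLParser):
    """Records form actions and whether any password input is present."""
    def __init__(self):
        super().__init__()
        self.actions = []
        self.has_password = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def find_credential_forms(raw):
    """Return (filename, form actions) for each HTML attachment with a password field."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".html", ".htm")))
        if not is_html:
            continue
        payload = part.get_payload(decode=True) or b""
        scanner = FormScanner()
        scanner.feed(payload.decode("utf-8", errors="replace"))
        if scanner.has_password:
            hits.append((name, scanner.actions))
    return hits

def build_sample():
    """Constructed test message; the form action is a placeholder, not a real indicator."""
    msg = EmailMessage()
    msg["Subject"] = "COVID-19 compensation"
    msg.set_content("Please view and print the attached document.")
    html = ('<html><body><form action="https://collector.example.test/post">'
            '<input type="text" name="user"><input type="password" name="pass">'
            '</form></body></html>')
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="COVID18-COMPENSATION.html")
    msg.add_attachment(b"meeting notes", maintype="text", subtype="plain",
                       filename="notes.txt")
    return msg.as_bytes()
```

A hit is a reason to quarantine or flag the message for review, since legitimate documents rarely arrive as standalone HTML files that ask for a password.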

In another case, attackers have impersonated a major Australian newspaper to trick recipients into clicking an attachment with an embedded URL that then spoofs a OneDrive login page.

According to Proofpoint researchers, the email claims that the “Government has released its stimulus package in response to the Coronavirus outbreak” and encourages the recipient to open the malicious attachment for more details. 

When users click the link, a spoofed OneDrive login page collects user information.

Proofpoint researchers comment that the emails are actually delivered by “Romanian top-level domain address of ‘.ro.’ To appear authentic, the message includes supposed contact information for the paper and notes that they are ‘…happy to advise that we have now moved back to’ the address provided. It’s notable that the address in the email does not match the newspaper being spoofed.”

In a third case, attackers targeted US healthcare and higher education institutions in a campaign claiming that the Trump administration may send US adults a check for $1000 to stimulate the economy.

That, however, is false – as people who click the link are taken to a phishing page that asks for domain/username, email address, and password.

“The messages are notable for their crude design, as the message has clear grammar and usage errors and uses a basic webpage clearly branded by a free website maker for its credential phishing,” say Proofpoint researchers.

The researchers say that the wider implications of these phishing attempts show that attackers are using ‘social engineering at scale’. Researchers believe the attackers will continue to change their attack strategies to keep up with news about COVID-19.
