As the COVID-19 pandemic persists, cyberattackers and scammers have been impersonating government websites in phishing emails.
“Over the last two months we observed a surge in the creation of COVID-19-themed credential phishing website templates that mimic the brands of numerous governments and trusted non-governmental organizations (NGOs) including the World Health Organization (WHO), Internal Revenue Service (IRS), Centers for Disease Control (CDC), the United Kingdom government, the government of Canada, and the government of France,” wrote cybersecurity company Proofpoint.
Scammers are taking advantage of the #COVID19 pandemic! Look out for fake websites, e-commerce platforms, social media accounts, emails and calls impersonating businesses and government authorities. If you think you've been scammed, make a report to https://t.co/E9WU65RMOW
— ACT Health (@ACTHealth) April 30, 2020
Scammers have taken advantage of the coronavirus to convince people to share their personal information online through phishing. They do so by creating fraudulent email addresses and websites to deceive users.
“These templates enable a threat actor of less sophisticated technical abilities to launch a well-crafted credential phishing attack,” said Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection. “Threat actors can then lure their targets into clicking links that lead to these pages,” DeGrippo added.
The scammers send emails from “legitimate-looking email addresses claiming to offer things like a coronavirus vaccine or extra stimulus cash,” according to Fox Business. Each email carries a link to a fraudulent website, which then asks users to enter sensitive information.
“Distribution typically operates between threat actors directly, and transactions can occur through underground marketplaces at varying costs. Some threat actors make and use these templates, others generate them and sell them. There are similar credential phishing kits available for use for free,” DeGrippo said.
“Threat actors worldwide continue to follow the news surrounding the COVID-19 pandemic,” DeGrippo said. They “adapt their themes to try and take advantage of human vulnerabilities, fears, and concerns, which are shared across countries,” DeGrippo continued. “It’s clear that threat actors are localizing phishing lures to particular countries through native language, stolen branding of local institutions, and social engineering around concerns and fears specific to their region.”