Phishers are incessantly pumping out COVID-19 themed phishing campaigns and refining the malicious pages the targets are directed to.
“Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting. The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials,” Proofpoint researchers have noted.
The COVID-19 themed phishing templates
Cybercriminals have eagerly embraced the opportunities brought on by the COVID-19 pandemic. One of those is the fact that many governments and non-governmental organizations are offering crucial information about the virus and/or financial assistance.
The crooks have put in a lot of effort into creating convincing phishing page templates to impersonate these organizations and make it easier to quickly set up new pages once current ones get blacklisted.
Most of the templates aren’t exact copies of the impersonated websites, but they do copy their look and feel – and that’s often enough to fool many targets.
For example: the multi-layered template that spoofs the legitimate Canadian government website starts with a page that asks users to chose whether they want to continue using the site in English or French (the country’s two official languages), and then offers the credential phishing pages in the chosen language.
Another template that impersonates the US Internal Revenue Service (IRS) first tells the potential victim they are eligible for financial aid as part of the COVID-19 relief program and then leads them to the page asking for their personal information.
Similar schemes are used to impersonate Her Majesty’s Revenue and Customs (HMRC) in the United Kingdom, the French government, the World Health Organization (WHO), the US Centers for Disease Control (CDC), and so on.
The crooks are exploiting people’s anxiety and despair to steal login credentials for a variety of online accounts – Gmail, Office 365, Outlook, etc. – as well as sensitive information such as names, addresses, social security/insurance numbers, payment card information, and so on.
So far, ProofPoint researchers have seen more than 300 different COVID-19 campaigns this year and, as the COVID-19 situation continues to unfold, they expect these kinds of attacks to continue and threat actors to offer additional tools that can make those attacks easier to carry out.