While the world is at a standstill waiting for a COVID-19 vaccine, for scammers, the clock seems to be ticking fast.
The federal government is warning about two phishing campaigns that are doing the rounds.
- The Canadian government alerted of a new COVID-19 scam wherein fraudsters masquerade as the government’s procurement department to send phishing emails, in an attempt to steal workers’ private information.
- A smear-cum-phishing campaign, allegedly propagated by Russian hackers, has been spotted misleading people about the Oxford COVID-19 Vaccine in the U.K and the U.S. Experts suspect the operation can further be exploited to deploy cryptomining or file-encrypting malware or spyware.
From attempting to steal research data to spreading misinformation, the involvement of Russian gangs was established by security experts on multiple occasions.
- Earlier this year, the U.S. and the U.K. formally accused the Russian intelligence of conspiring with the Cozy Bear (APT29) hacker group, attempting to steal valuable research and development information on the coronavirus vaccine.
- In another stint, Russian military intelligence, known as the G.R.U., reportedly pushed out English-language disinformation and propaganda about the pandemic.
Apart from the above, multiple warnings have been released by authorities to watch over scams concerned with benefit schemes related to unemployment and tax relief.
Hackers may return with new tactics
- About two weeks ago, and just before the announced deadline, cybercriminals had begun a credential phishing campaign for IRS COVID-19 relief via a legitimate SharePoint page.
- In August, a group of attackers attempted credential stuffing on several Canadian government sites to hijack GCKey and Canada Revenue Agency accounts of thousands of citizens to steal COVID-19 relief payments.
Criminals go where the money is. Several attempts by states meant to fill the gaping holes in the pandemic-hit economy are worth praising. However, unfortunately, the unquenching desire to make quick bucks has kept the program vulnerable to swindlers, and that’s where a bulk of the frauds are aimed at.