Threat actors are creating highly detailed, malicious web domains to drive their COVID-19 phishing campaigns. With the aim of stealing credentials, attackers are building their email lures around COVID-19-themed website templates.
The hue and cry
- Threat actors are using fake websites associated with COVID-19 financial assistance to capture credentials. According to Proofpoint, more than half of the COVID-19 phishing campaigns observed since January 2020 are focused on stealing user credentials.
- By creating COVID-19-themed credential phishing website templates, attackers mimic government bodies and trusted non-governmental organizations (NGOs). Many of these templates comprise multiple pages, which makes the deception more convincing.
Recent phishing templates
- Attackers designed a template that resembles the actual World Health Organization (WHO) site, copying the WHO logo and color scheme, as part of a credential phishing campaign. The template was designed to collect a visitor’s username and password. The campaign was notable as the first example of a COVID-19-specific credential phishing template, observed in February.
- Attackers designed a credential phishing template to spoof the legitimate site of the United States Centers for Disease Control (CDC). This malicious template asked visitors for their email address and password so that they could collect a “Vaccine ID.”
- An Internal Revenue Service (IRS) template was found to offer visitors “financial aid” as part of a COVID-19 relief program. To obtain the financial aid, visitors were asked for their personal details.
- A multi-layered template spoofed the legitimate Canadian Government website to gather users’ names and social insurance numbers.
- Attackers created malicious web templates imitating Westminster City Council’s section of the United Kingdom government website. These templates promise COVID-19 relief funds in order to capture personal information.
The bottom line
It's evident that cybercriminals follow trends closely. In particular, government initiatives to offer financial aid have caught the attention of hackers, who target those funds directly and use them as themes for their malware and credential phishing attacks. As the pandemic continues to spread across the globe, such COVID-19-themed attacks are likely to intensify.