A large number of hackers are specifically targeting financial aids and subsidies given by governments across the world to fight against the COVID-19 epidemic.
What are hackers doing
- Hackers have been busy registering fake domain names and other assets, to impersonate legitimate government initiatives.
- According to Check Point Report, in the month of March, around 2081 new domains were registered, 38 of which were malicious, while 583 were considered suspicious.
- Within the first seven days of the month of April, 18 malicious and 73 suspicious domain names were identified.
- Globally, since January, a total of 4,305 domains relating to new stimulus/relief packages have been registered.
How these domains are misused
- Hackers promote these fake websites via emails and SMS, urging users to provide their personal and financial information.
- When users visit malicious websites, they are tricked into providing their personal and sensitive details, which are collected by hackers.
- The details are then used by hackers to make fake claims for the declared grants, and cash in the grant amount in their accounts.
How bad is this
- In April 2020, Google has observed more than 240 million daily spam messages related to the novel coronavirus.
- Within a one week span, more than 18 million daily emails were sent that were carrying some kind of malware or were pertaining to some phishing scams.
Recent incidents in the wild
- In Germany, the North Rhine-Westphalia (NRW) province lost millions of euros due to phishing attacks. Using fake websites in the name of NRW Ministry of Economic Affairs, hackers collected personal information of around 4000 people and used their details to make fraudulent claims worth around €100 million ($109 million).
- In India, since the declaration of relaxation in bank loans and moratorium period, fraudsters were seen sending SMSes or e-mails, promising new loans or relaxation in existing loans by asking users for their personal details like bank account numbers, pin numbers, Aadhar card numbers, etc.
How to stay protected
- Be extra cautious about lookalike domain names, or spelling discrepancies in emails or websites.
- Avoid opening emails and attachments received from unknown sources or users, especially involving any kind of financial transactions.