Cybercriminals have been taking advantage of the ongoing coronavirus pandemic, using COVID-19 and renowned brands as lures in phishing emails, in an attempt to steal victim’s credentials. Recently, some professionals hacking agencies were also seen using coronavirus-themed attacks to lure unsuspecting victims.

What happened now

  • In March 2020, World Health Organization (WHO) had published an alert, providing warning against impersonation attempts using its brand name. But still, several hackers continue to use its brand name to lure their victims.
  • In May 2020, several India-based “Hack-for-hire” organizations were spotted creating Gmail accounts that spoof the WHO to send coronavirus-themed phishing emails.
  • These fake legitimate-looking login pages attempted to convince the victims to hand over their Google account credentials and Personally Identifiable Information (PII).
  • In this wave of attacks, the attackers mostly targeted business leaders in financial services, consulting, and healthcare organizations, across several countries, including the US, Bahrain, Canada, Cyprus, India, Slovenia, and the U.K.

Similar attempts have been observed frequently in the past few months. 
  • In May 2020, hackers had created COVID-19-themed credential phishing website templates to impersonate as numerous governments and trusted NGOs such as the WHO and others to lure them into financial assistance.
  • In April 2020, the Charming Kitten advanced persistent threat (APT) group was observed targeting medical and healthcare professionals by mimicked as the WHO’s internal email system to steal passwords from multiple agency staffers.

Other Brands Impersonated as well

Besides WHO, hackers have been targeting several renowned numerous governments, non-governmental organizations, and popular brand names to lure victims across the world.

  • In April 2020, multiple spam campaigns were found impersonating the U.S. Small Business Administration, the WHO, and the U.S. banking institutions promising government relief funds to the recipients.

  • In April 2020, National Health Service (U.K.) website was used by hackers to infect concerned citizens with malicious trojan and scraped sensitive data after tricking visitors into downloading an infected file.
  • In the same month, fraudsters leveraged the COVID-19 lockdown to target UK consumers via WhatsApp and advertised a free Heineken beer phishing scam.

  • In April 2020, cybercriminals launched malvertising campaigns, hosting the Fallout Exploit kit to adapt their malicious ads, making them relevant to the COVID-19 crisis and targeted Internet Explorer users in Canada to steal their information.
  • In the same month, hackers targeted Canadian users with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure.

A word of caution

Follow the security guidelines provided by WHO, and avoid clicking on suspicious links from unknown users. Do not trust any random email claiming to be from a renowned brand, and do not provide any personal information in response to such requests without a thorough verification.

Cyware Publisher