Malicious actors are throwing a twist to an old saying that ‘Nothing comes for free’ by scamming people into giving away their funds and personal data during this COVID-19 outbreak. They have devised many unique tactics to dupe users with items or offers that actually does not exits.
While fake PPE, and vaccines for Coronavirus as lures are giving a boost to malicious actors’ phishing intents, online media have now become a new hotbed for cybercrime during the COVID-19 pandemic.
- With lockdown still in place in many parts of the world, attackers are paying attention to the increase in the use of online streaming services and torrent downloads in a bid to capitalize themselves.
- According to Mimecast, threat actors registered over 700 domains impersonating the Netflix and Disney+ brands. The sole purpose of these websites was to steal users’ login credentials.
- Malicious actors took advantage of pirate streaming services and movie piracy sites during the COVID-19 pandemic to infect users. In one such campaign observed, threat actors, inserted a malicious VBScript in ZIP files meant for movie downloads.
- Avast reported a scam wherein malicious actors had set up a phony website that hyped about an ebook named ‘Pandemic Survival’. The website was tied to several well-known media brands including, CNN, People Magazine and CNBC to dupe as many people as possible.
How to address it?
- Users should be vigilant about the phony websites that pretend to be streaming services or other well-known online media brands.
- They should check the spellings of the URL before clicking on them.
- Users should not be lured away by free subscriptions and offers which ultimately can lead to both personal and financial loss.