Malicious actors are throwing a twist to an old saying that ‘Nothing comes for free’ by scamming people into giving away their funds and personal data during this COVID-19 outbreak. They have devised many unique tactics to dupe users with items or offers that actually does not exits. 

While fake PPE, and vaccines for Coronavirus as lures are giving a boost to malicious actors’ phishing intents, online media have now become a new hotbed for cybercrime during the COVID-19 pandemic. 

What’s happening?

  • With lockdown still in place in many parts of the world, attackers are paying attention to the increase in the use of online streaming services and torrent downloads in a bid to capitalize themselves.
  • According to Mimecast, threat actors registered over 700 domains impersonating the Netflix and Disney+ brands. The sole purpose of these websites was to steal users’ login credentials. 
  • Malicious actors took advantage of pirate streaming services and movie piracy sites during the COVID-19 pandemic to infect users. In one such campaign observed, threat actors, inserted a malicious VBScript in ZIP files meant for movie downloads. 
  • Avast reported a scam wherein malicious actors had set up a phony website that hyped about an ebook named ‘Pandemic Survival’. The website was tied to several well-known media brands including, CNN, People Magazine and CNBC to dupe as many people as possible.     

How to address it?

  • Users should be vigilant about the phony websites that pretend to be streaming services or other well-known online media brands. 
  • They should check the spellings of the URL before clicking on them. 
  • Users should not be lured away by free subscriptions and offers which ultimately can lead to both personal and financial loss.   

Cyware Publisher