Cyber crooks continue to exploit COVID-19 for their malicious schemes

2020-03-20 14:04

We've already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily.

"BEC attacks are often delivered in stages. The first email sent is typically innocuous, meaning that they do not contain the attacker's end goal. The attackers craft plausible scenarios in hopes the recipient will reply. Once they're on the hook, the attacker will send their true ask.," the researchers explained.

"These coronavirus-themed BEC attacks often come with spoofed display names, which are likely real people known to the recipient. In the body of this message, the actor attempts to eliminate the possibility of voice-verification, in hopes of ensuring a higher success rate, by saying their phone is 'faulty at the moment.'".

To make the threat more believable, the scammer uses leaked passwords in an attempt to create the impression that they know a lot about the recipient.

A threat actor advertising a service in which they craft coronavirus-focused scam letters and scam sites for customers.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/X_g-FzR_Zgk/

#covid19 #exploit