Security News > 2020 > April > Coronavirus-themed phishing attacks aim to capture banking credentials
These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials.
A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.
Choosing your particular bank brings up a page with the bank's actual logo prompting you to enter your account username and password.
Behind the scenes, your banking credentials are now in the hands of the scammers.
The scammers used HTML and CSS in a professional way to design a convincing phishing site, according to INKY. The dropdown menu of the banks, the bank logos, and the bank login pages all look legitimate.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)