Security News > 2020 > April > Coronavirus-themed phishing attacks aim to capture banking credentials
These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials.
A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.
Choosing your particular bank brings up a page with the bank's actual logo prompting you to enter your account username and password.
Behind the scenes, your banking credentials are now in the hands of the scammers.
The scammers used HTML and CSS in a professional way to design a convincing phishing site, according to INKY. The dropdown menu of the banks, the bank logos, and the bank login pages all look legitimate.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- GoIssue phishing tool targets GitHub developer credentials (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (source)
- Inside the incident: Uncovering an advanced phishing attack (source)