Security News > 2020 > April > Coronavirus-themed phishing attacks aim to capture banking credentials
These emails claim to offer help on getting government funds but instead lead recipients to a web page that tries to capture their banking credentials.
A button on the site proclaims: "Get Economic Impact Payment Now." Clicking on that button triggers a dropdown menu with the names of well-known banks, such as Wells Fargo, Chase, Bank of America, and Citizens Bank.
Choosing your particular bank brings up a page with the bank's actual logo prompting you to enter your account username and password.
Behind the scenes, your banking credentials are now in the hands of the scammers.
The scammers used HTML and CSS in a professional way to design a convincing phishing site, according to INKY. The dropdown menu of the banks, the bank logos, and the bank login pages all look legitimate.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- How New AI Agents Will Transform Credential Stuffing Attacks (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (source)