As the threat landscape continues to be dominated by coronavirus-related activity, Proofpoint researchers have observed an emerging trend of social engineering lures around financial relief. These campaigns use the promise of payments by global governments and businesses (specifically financial institutions) aimed at easing the economic impact of the ongoing pandemic to urge users to click links or download files.
In this update, we highlight a few of these campaign examples that are targeting those in the U.S., UK, Australia.
Government-Themed Attacks
Credential Phish: Trump Administration Covid-19 Check for Most Americans
Key Points: This medium-sized credential phish campaign primarily targeted U.S. healthcare and higher education organizations with a message claiming that the Trump administration is considering sending most American adults a check to help stimulate the economy. The email asks recipients to verify their email account through a malicious link that directs them to a phishing page.
Summary:
This medium-sized credential phishing campaign primarily targeted the United States and was largely sent to healthcare and higher education organizations. Secondary targeting for this campaign includes the technology industry, including information security companies. The messages are notable for its crude design, as the message has clear grammar and usage errors and uses a basic webpage clearly branded by a free website maker for its credential phishing.
The email notes that “the Trump administration is considering sending most American adults a check for $1,000 as part of the efforts to stimulate the economy and help workers whose jobs have been disrupted by business closures because of the pandemic”.
Recipients are directed to verify their information for the “new payroll directory” by clicking the malicious link in the email.
If the recipient clicks the link, they are taken to the phishing page which asks for their domain\username, email address and password .