Cyber criminals are still attempting to exploit the coronavirus pandemic for their own gain and they’re being helped by website templates that allow them to mimic government agencies and companies.
Researchers at cybersecurity company Proofpoint have identified over 300 phishing campaigns designed to steal personal information and bank details from victims – and many are using sites that are indistinguishable from the real thing, complete with authentic imagery and user interfaces.
More on privacy
The security company warned that these template make it easy for scammers to quickly create high-quality, malicious web domains to insert into their COVID-19 phishing campaigns.
Bodies from the World Health Organization, the US Centers for Disease Control, the IRS, the UK’s HMRC and even local councils across London are being mimicked in ready-to-use campaigns.
Many of the templates that are available on underground forums and marketplaces also feature multiple pages, making them look more authentic – therefore helping to trick visitors about the true intentions of the websites.
For example, a phishing website designed to look like Canadian government services provide both English-speaking and French-speaking options for entering details – and indicates that the attackers want to cover all bases possible.
“It tells us that the threat actors behind these sites pay attention to where people are going and what they use and take care to make their sites as credible as possible,” Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, told ZDNet.
“This makes them look more legitimate and therefore more likely to gather the credentials from the user,” she said.
Potential victims are often directed to these phoney websites in phishing attacks, usually under the impression that there’s an urgent action that needs to be taken.
And while the attacks have proved successful, not all of these bogus sites are perfect: for example, one of the HMRC phishing websites has a completely different user interface to the real thing.
But however the site is designed, the end goal is the same – steal login credentials, bank information and other personal data from users. And COVID-19 remains a key lure for a wide range of cyberattacks.
“These are made by a variety of threat actors who are large and small,” said DeGrippo.
It’s expected that campaigns related to COVID-19 will continue for as long as the outbreak itself does.
Cyber criminals have been attempting to exploit the coronavirus crisis for most of this year, often by posing as websites offering advice or claiming to offer cures or protective equipment related to the outbreak.
The UK’s National Cyber Security Centre (NCSC) has taken a number of fraudulent websites down after tip-offs following the launch of the suspicious email-reporting service. While the overall number of phishing emails and cyberattacks hasn’t gone up, cyber criminals are increasingly turning to coronavirus as a subject to lure victims into giving away their information.
The sudden rise in remote working has also caused additional security risks for both people and the organisations they work for.
MORE ON CYBERSECURITY
- Hackers target remote workers with fake Zoom downloader
- Working from home makes you vulnerable to hackers. Here’s how to stay safeCNET
- Cybersecurity staff are being transferred to IT support. That’s adding to the risk of data breaches
- Coronavirus: Critical IT policies and tools every business needsTechRepublic
- Security warning: State-backed hackers are trying to steal coronavirus research