The PhishLabs Blog

COVID-19 Phishing Update: BEC Lures use Pandemic to Enhance Attacks

Posted by Jessica Ellis on May 8, '20

Threat actors are using the novel coronavirus to add credibility in recent Business Email Compromise (BEC) attacks. Below are three examples of how they are doing it. 
 
We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic.
 

In the first example, the threat actor pretends to be a senior administrator requesting a payroll update. COVID-19 is mentioned briefly as the reason for the change. If the targeted staff member provides any paycheck information, it will most likely be stolen.
 
Sender’s address: my@outtoficemailbox.com


The second example uses a spoofed email address to target multiple members of a large software company. In it, the pandemic is used as an excuse to send fraudulent ACH information.
 
The threat actor has CC’d the fake email address ekirk@fusionlads.net to be sure the victim’s reply goes there by default. 
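
A mail-filter check for the reply-redirect pattern in the second example, added here as an illustration and not taken from PhishLabs: when the From header claims one of the organization's own domains, any Cc or Reply-To address outside those domains is flagged, along with a failed SPF or DMARC result. `ORG_DOMAINS`, the function name and the sample message are assumptions constructed for the example.

```python
from email import message_from_string
from email.utils import getaddresses

ORG_DOMAINS = {"example.com"}  # assumption: domains the organization really owns


def _domain(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def reply_redirect_findings(raw_message, org_domains=ORG_DOMAINS):
    """Flag messages that claim an internal sender but steer replies off-domain."""
    msg = message_from_string(raw_message)
    senders = [a for _, a in getaddresses(msg.get_all("From", []))]
    if not any(_domain(a) in org_domains for a in senders):
        return []  # sender does not claim to be internal; other rules apply

    findings = []
    # A reply-all (Cc) or plain reply (Reply-To) would reach these addresses.
    for header in ("Cc", "Reply-To"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            dom = _domain(addr)
            if dom and dom not in org_domains:
                findings.append((header, addr.lower()))

    # A spoofed internal From normally fails sender authentication.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if "dmarc=fail" in auth or "spf=fail" in auth:
        findings.append(("Authentication-Results", "sender authentication failed"))
    return findings


# Constructed sample: internal-looking From, lookalike address in Cc.
SAMPLE = "\n".join([
    'From: "Pat Lee" <pat.lee@example.com>',
    "To: accounts-payable@example.com",
    "Cc: Pat Lee <pat.lee@example.net>",
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail",
    "Subject: Updated ACH details",
    "",
    "Please use the attached bank details going forward.",
])

if __name__ == "__main__":
    for header, detail in reply_redirect_findings(SAMPLE):
        print(f"{header}: {detail}")
```
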
 

The final example is a very well-written lure impersonating the CEO of a global financial institution. The email states they will be acquiring a foreign company because of COVID-19 and the victim is expected to assist in the acquisition. The sensitive nature of the transaction suggests the intent is to ultimately obtain company secrets or financial information. 
 
Sender’s address: gateway-pluto@mail-transport-gateway.cc
 
Recently, the FBI has reported an increase in BEC attacks. BEC is already a highly targeted attack that relies mainly on social engineering, and the added uncertainty around the pandemic is giving cyber criminals a new and persuasive element to add to their messaging.

For more intelligence on COVID-19 threats, see our ongoing coverage.
