The PhishLabs Blog

COVID-19 Phishing Update: Threat Actors Impersonating CDC, WHO

Posted by Jessica Ellis on Mar 26, '20

As COVID-19 continues to spread, we are seeing an increase in threat actors impersonating public health organizations and luring victims in with fake links to government agencies. The four examples below impersonate the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) using lures we have recently observed.

We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. 

Webmail Credential Theft Lures

In the first example, the sender uses SendGrid to distribute messages from a fake nationalhealthcenter email address. The link in the message claims to provide an updated list of new cases, but it actually leads the victim to a webmail phish intended to steal login credentials.

Sender: nationalhealthcenter@gravitt.net

IP Address: 35.174.203.189


CDC Lure 1

In the second example, the threat actor(s) registered a fake domain for the lure and hosted the phish on it as well: http://url4510.cdchealth.org/

Similar to the above, SendGrid is used, with the actual address originating from an Amazon AWS server. 

Domain: CDCHEALTH.ORG

IP Address: 35.175.22.107

CDC Lure 2

Coronavirus Payment Lures

The third lure promises the victim a payment as compensation for the coronavirus. The sender’s address is compromised, which is why the cybercriminal instructs the victim to reply to mich.collins@hotmail.com in order to receive compensation. One of the biggest red flags in this message is the implication that the victim must first pay $220 in order to receive the payment.


CDC Lure 3

Donation Scams

The last lure uses a spoofed WHO email address in a donation scam. In it, the cybercriminal asks for a cryptocurrency transfer via a Bitcoin wallet. Once the transfer is made, there is little chance the transaction can be reversed.


WHO coronavirus lure

As long as the pandemic exists, cybercriminals can take advantage of changing statistics and new data that could be useful to the public. The FBI has weighed in frequently on the rise in coronavirus-related fraud and phishing emails, reminding everyone to be wary of emails purportedly from public or government officials that claim to track or provide information on the virus.
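
The traits called out across the four lures above (an agency name on a non-agency sender, a lookalike link host, replies steered to a free-mail address, a pay-first demand, a Bitcoin wallet) can be checked mechanically on inbound mail. The following is an added example, not PhishLabs code; the official-domain map, keyword lists, regular expressions and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the post): official domains, brand keywords, free-mail list.
BRANDS = {"cdc": ("cdc.gov", ("cdc", "disease control")),
          "who": ("who.int", ("world health organization",))}
FREEMAIL = {"hotmail.com", "outlook.com", "gmail.com", "yahoo.com"}
URL_HOST = re.compile(r"https?://([^/\s:<>]+)", re.I)
ADDR_DOM = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
BODY_TRAITS = {  # pay-first demand; Bitcoin wallet address in the body
    "advance_fee": re.compile(r"\bpay\b[^.\n]{0,80}\$\s?\d+", re.I),
    "crypto_payment_request": re.compile(r"\b(?:bc1[0-9a-z]{25,59}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b")}

def under(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def flag_lure(raw):
    """Return the set of lure traits found in one plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_dom = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    flags = {name for name, rx in BODY_TRAITS.items() if rx.search(body)}
    for key, (official, words) in BRANDS.items():
        # Display name or subject names the agency, sender domain is not the agency's.
        if any(w in claimed for w in words) and not under(sender_dom, official):
            flags.add("brand_sender_mismatch")
        # Link host embeds the agency's short name without being under its domain.
        if any(key in h.lower() and not under(h, official) for h in URL_HOST.findall(body)):
            flags.add("lookalike_link")
    # Replies steered to a free-mail box that differs from the sending domain.
    doms = ADDR_DOM.findall(msg.get("Reply-To", "") + " " + body)
    if any(d.lower() in FREEMAIL and d.lower() != sender_dom for d in doms):
        flags.add("reply_redirect_freemail")
    return flags

# Constructed samples; only url4510.cdchealth.org is taken from the post.
SAMPLES = {
    "lookalike": "From: CDC Health Alert <alerts@mailer.example>\nSubject: New cases\n\nUpdated list: http://url4510.cdchealth.org/\n",
    "payment": "From: Relief Desk <staff@sender.example>\nSubject: Compensation\n\nYou must first pay $220. Reply to claims.agent@hotmail.com\n",
    "donation": "From: World Health Organization <give@relief.example>\nSubject: Donate\n\nSend Bitcoin to 1ConstructedSampLeWaLLetAddr3ss99 today.\n",
    "benign": "From: CDC <updates@cdc.gov>\nSubject: Weekly summary\n\nGuidance: https://www.cdc.gov/ for details.\n",
}
if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sorted(flag_lure(raw)))
```

A From header forged to the official domain passes the sender check here, so pair these flags with the message's SPF, DKIM and DMARC results.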
