Recent Posts

Recent Blog Posts

The PhishLabs Blog

COVID-19 Phishing Update: Your Bank is Not Texting You About Coronavirus

Posted by Jessica Ellis on Mar 30, '20

Threat actors continue using COVID-19 fears to exploit individuals on a variety of channels. Today we are taking a look at two new, related SMS lures. 

We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic. 

 

Scotia sms

 

The first example is a lure we found targeting a major Canadian bank. In it, the threat actor prompts the victim to click on the link http://s4-update0{dot}.com/3/, which leads to a web site asking for banking credentials. 

 

Scotia sms phish-1

 

This phish, as well as others we identified, were tied to the email sheffieldutd818@outlook.com.

IP Address: 111.90.142.123

 

CND sms phish

 

The second example also targets major Canadian banks. By clicking the link, victims are led to emergencycanadaresponse.xyz and asked to choose their bank, as well as enter their account information. 

The lack of security filtering on our phones, plus the misguided belief that they are secure makes SMS or text messages a prime - and growing - avenue for malicious activity. Unfortunately, there are numerous issues in identifying and reporting SMS Lures. That, in addition to the ease with which we use our devices, makes this type of lure a particularly effective one. 

For more intelligence on COVID-19 threats, see our ongoing coverage.

Topics: COVID-19

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all