Recent Posts

Recent Blog Posts

The PhishLabs Blog

COVID-19 Phishing Update: Campaigns Exploiting Hope for a Cure

Posted by Jessica Ellis on Mar 24, '20

We continue to see a wide range of lures exploiting coronavirus fears. In this post, we take a look at three recently observed lure samples that use the possibility of a cure to entice victims.

We are providing ongoing updates on coronavirus-themed attacks observed by the PhishLabs team. This post and others are meant to help the security community stay up-to-date on how threat actors are exploiting the pandemic.

The first example is a targeted phish that leads to a malicious site in order to steal Microsoft Office 365 credentials. The sender’s address is spoofed and the message itself urges the victim to click on time stamped files in order to access information on a cure.

Actual sender IP: 67.231.149.113

Coronavirus cure Blog

 

The second email claims to be from a U.S. biotech firm secretly bypassing the National Institute of Allergy and Infectious Diseases (NIAID) in order to give you information on the COVID-19 vaccine. This lure encourages the victim to reply to the email address listed in the body. The motive is unknown without playing along, but this type of lure traditionally is looking for money or PII.

Sender: dr.talzak@shrespects.com

Registrant sh_respect@yahoo.com just registered shrespects.com 2020-01-15 in Lagos Nigeria.

 

coronavirus cure blog 3

 

The third lure is similar to the second, being that we cannot be certain of the motive without interacting with the scammer. Note that the sender’s name does not match the email, nor the reply-to.

Sender: Dr Annika <margaretcaul@eircom.net>

Reply-to: shirindaclark@gmail.com

Coronavirus cure blog 2

 

WHO is actively working to repurpose vaccines to slow or stop the pandemic, and threat actors know this. With social media saturated with information that is ever-changing around the development of a potential cure, cybercriminals have a unique opportunity to masquerade as authority figures communicating critical information - a tactic not formerly utilized in past campaigns.

Topics: COVID-19

What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Recent Posts

Subscribe to Email Updates

Posts by Topic

see all