Digital attacks continue to exploit coronavirus 2019 (COVID-19) as part of their malicious operations. On May 5, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) along with the United Kingdom’s National Cyber Security Centre (NCSC) published a joint alert in which they revealed that they had witnessed APT actors targeting local governments, academia and pharmaceutical companies. Investigators determined that these nefarious individuals were intent on stealing research data into a vaccine along with intellectual property for “commercial and state benefit.”
Digital attackers aren’t just targeting research organizations and medical entities. They’re also going after users and organizations of all shapes and sizes. With that said, it’s important to stay on top of the latest COVID-19 ruses circulating in the wild. Here are some of the most recent ploys that have made headlines.
Fake COVID-19 Credit Union Profiles Popping Up on Instagram
The PhishLabs team revealed to Security Boulevard that digital fraudsters are impersonating credit unions on Instagram. To pull this off, malicious actors began creating fake profiles that contain financial institutions’ names, logos and links to their websites along with mentions of COVID-19. They then started using those accounts to DM followers and to inform them that they had been selected for a cash prize.
The messages instructed users to send a text to a number so that an agent could help them claim the money. In reality, threat actors leveraged that number to convince users to hand over their account credentials. They then abused that information to compromise their victims’ banking accounts.
Work-from-Home Offers Used to Conceal Money Mule Scams
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/covid-19-scam-roundup-may-11-2020/