Digital attacks continue to exploit coronavirus 2019 (COVID-19) as part of their malicious operations. On May 5, 2020, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) along with the United Kingdom’s National Cyber Security Centre (NCSC) published a joint alert in which they revealed that they had witnessed APT actors targeting local governments, academia and pharmaceutical companies. Investigators determined that these nefarious individuals were intent on stealing research data into a vaccine along with intellectual property for “commercial and state benefit.”

Digital attackers aren’t just targeting research organizations and medical entities. They’re also going after users and organizations of all shapes and sizes. With that said, it’s important to stay on top of the latest COVID-19 ruses circulating in the wild. Here are some of the most recent ploys that have made headlines.

Fake COVID-19 Credit Union Profiles Popping Up on Instagram

The PhishLabs team revealed to Security Boulevard that digital fraudsters are impersonating credit unions on Instagram. To pull this off, malicious actors began creating fake profiles that contain financial institutions’ names, logos and links to their websites along with mentions of COVID-19. They then started using those accounts to DM followers and to inform them that they had been selected for a cash prize.

An example of a DM from a fake COVID-19 credit union profile (Source: Security Boulevard)

The messages instructed users to send a text to a number so that an agent could help them claim the money. In reality, threat actors leveraged that number to convince users to hand over their account credentials. They then abused that information to compromise their victims’ banking accounts.

Work-from-Home Offers Used to Conceal Money Mule Scams

That wasn’t the only piece of research from PhishLabs this past week. In a blog post published (Read more...)