Scam artists have discovered the coronavirus, and are sending phishing emails themed to the crisis, according to a study by Proofpoint’s threat research team.
For instance, one says "Trump Administration Covid-19 Check for Most Americans" in a scheme that targets healthcare and higher-education organizations, and to a lesser extent the tech industry.
The messages display the errors and poor grammar typical in scam messages.
The email seems a little out of date, stating that “the Trump administration is considering sending most American adults a check or $1,000 as part of the efforts to stimulate the economy and help workers whose jobs have been disrupted by business closures because of the pandemic.”
Actually, as most people know, a plan for $1,200 payments was included in the stimulus package passed by Congress and signed by the President.
The email continues: “All staff/faculty & employee include Student are expected to verify their email account for our payroll directory and adjustment for the month of March benefit payment. Please kindly Click on MARCH-BENEFIT secure link.”
The link, which is far from secure, brings them to a page that asks for their domain/user name, email address and password.”
Another phishing email, purporting to be rom the World Health Organization and the International Monetary Fund, targets technology and IT firms. The subject line is “COVID 19: Relief Compensation.”
The email states that the recipient has been “randomly selected to be compensated financially due to the outbreak of the COVID-19 Epidemic outbreak,” and serves a malicious Microsoft Excel branded attachment, the report says.
The attachment is wrongly titled "COVID18.html."
Another malicious campaign states: “Claim Your Covid-19 Cash” in the subject line. Pretending to come from a major credit card company, it is designed to steal credentials.
This is a global phenomenon. An Australian phishing campaign that claims to be sent by a major newspaper features the subject line "Government announces increased tax benefits in response to the Coronavirus."
Victims are led to a credential phishing page via a PDF attachment with an embedded URL, the report alleges.