• by Ray Schultz , May 15, 2020

Threat actors are barraging email inboxes with COVID-19-themed phishing campaigns that mimic governments and trusted groups and are designed to steal credentials, according to Ready-made COVID-19 Themed Templates Copy Government Websites Worldwide, a study by security firm Proofpoint. 

Of the 300-plus COVID-19 campaigns studied globally since January, half seek to steal credentials.

COVID-19-related page deployments went from zero in January to a peak on March 26, and have declined since then, although they are still higher than January’s levels.

The first such effort, seen on Feb. 6, spoofs the World Health Organization site. It features a photo of masked children, and asks intended victim to verify their email and password. 

Another mimics the U.S. Centers for Disease Control (CDC). It states, “Authenticate with your email provider to generate Vaccine ID,” and asks for the email address and password. The template copies the actual CDC graphic.

Then there is one that claims it is from the IRS. The message says, “After an accounting audit of our records, we discovered that you are eligible for an instant account of 1079.83 USD worth of financial aid.”

It continues, “Upon submission, your request will be further reviewed by our accounting team and the amount in question will be credited to your confirmed financial institution in a timeframe of 48 hours.”

Citizens in Canada, France and the UK are being targeted with similar schemes 

For example, a message pretending to be from HM Revenue & Customs says, “Please complete below in order for us to process your tax relief. HM Revenue and Customs (HMRC) will usually send repayments within 2 weeks, but it may take longer due to the Pandemic of the Coronavirus (COVID-19). 

The message asks for full name, date of birth, telephone number, email address and postal address.

Other messages spoof local councils.