Through powersolution’s membership of the Cyber Health Working Group (CHWG)*, a new phishing campaign has been detected and reported on. This phishing campaign is designed around COVID-19 themed emails that contain a link to a phishing page that attempts to collect credentials for multiple banks. The attackers then use the information collected to extort funds from the victims.
An example of the phishing email follows:
If the link is clicked, it redirects to the following website:
Email header analysis shows that the emails are being sent from a server in Poland (.pl), sent from an email ending in a Russian (.ru) domain.
Received: from cromptonqatarcom.comercialsommecom (bd121.itcomp.pl [184.108.40.206])
Wed, 22 Apr 2020 12:18:15 +0000
From: Federal Reserve System <email@example.com>
Subject: Receive payment.
Date: Wed, 22 Apr 2020 12:18:12 +0000
Phishing is dangerous, and can lead to having your data compromised.
Please be vigilant when opening emails and clicking links.
Always think twice about entering any credentials or information on a website, especially sensitive information such as email credentials, bank account information, or any personal information. Attack groups typically use current events to make the emails seem more real, as in this case with the email referencing COVID-19.
*The CHWG is a community of IT professionals in the health sector who share real-time tactical information about threats, trends, and best practices. The Cyber Health Working Group maintains a web-based platform which provides tools for its members to share cyber threat information and resources. It also hosts webinars focused on a specific cyber threat, training topic, best practice, or threat mitigation solution in the health sector. The CHWG was originally created by the National Capital Region chapter of InfraGard (InfraGard NCR) and the Cyber Task Force (CTF) at the FBI’s Washington Field Office, in partnership with the InfraGard National Members Alliance (INMA). The CHWG is currently managed and operated by the National Cyber-Forensics & Training Alliance (NCFTA) and the Executive Partnership for Integrated Collaboration (EPIC), and also hosted by EPIC.
Please, note — powersolution.com has measures in place to help protect our clients against rogue threats such as the malicious COVID-19 warning.