Scammers continue to devise numerous ways of defrauding people in connection with COVID-19. The SonicWall Capture Labs Threat Research team has come across the below scams in connection with COVID-19.
IRS economic impact payment scam: The Capture Labs Threat Research team discovered a malicious campaign that involves government relief payments. It claims to have come from the Internal Revenue Service (IRS) and requests the user to verify the account number in the attachment. But the attachment “Attached doc.iso” is actually a malicious iso file that drops a remote access trojan onto the user machine.
Bank payment relief notice scam: The team also found a phishing campaign that is targeted towards customers of Absa, an African based financial services group. It claims to be the notice of payment relief plan for COVID-19 but the attached document is an html file, which when launched takes the user to the phishing webpage of Absa internet bank.
Medical supply scam: The research team also found a campaign targeted towards the medical supply businesses. It requests the medical supplier to supply the products specified in the attachment but the attached document is not a pdf file, it is a malicious executable that belongs to the malware family Agensla, that steals credentials from the victim’s browser, FTP and email clients.
CDC Phishing Scam: Another phishing campaign, found by the SonicWall team, claims to have come from CDC, stating that it is closely monitoring the Intellectual property landscape while responding to the Covid-19 outbreak across the Asia-Pacific region.
The research team recommends to:
- Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes.
- Not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
- Check the websites and email addresses offering information, products, or services related to COVID-19.
- Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating.
- Visit the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO) websites for updated information on COVID-19.
For the full report, visit SonicWall's Security Center.