Scammers exploiting stimulus payments with phishing attacks and malicious domains

Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research.

Cybercriminals have been taking advantage of the coronavirus outbreak to target victims with malware in the guise of information relevant to the disease. These attacks typically take the form of malicious apps, phishing emails, and phony websites. To help businesses and individuals hurt financially by the virus, the US government has been offering stimulus payments, presenting another area ripe for exploitation by scammers. In a report published on Monday, cyber threat intelligence provider Check Point Research details the rise of phishing attacks and websites that try to trap people seeking information on the stimulus.

Since January, a total of 4,305 domains relating to the stimulus and relief packages have been registered. In March, 2,081 such domains were registered with 38 deemed malicious and 583 suspicious. In the first week of April, 473 such domains were registered with 18 considered malicious and 73 suspicious. Further, the registration of these types of domains jumped by three and a half times in the week starting March 16 when the US government announced a stimulus package for taxpayers.

Beyond the domains, phishing emails with malicious attachments related to the stimulus have also continued to increase. In one example, an email with the subject "RE: UN COVID-19 Stimulus" was caught distributing the AgentTesla malware. In another, an email titled "COVID-19 Payment" was discovered trying to infect people with the Zeus Sphinx trojan. Sent to specific individuals at targeted organizations, these emails direct users to a phishing login page to deliver the malicious payload.

Overall, 94% of the coronavirus-related cyberattacks during the past two weeks were phishing attempts, while 3% were mobile attacks sent through malicious apps or conducted through malicious activity on a mobile device. The number of attacks has surged to an average of 14,000 per day, six times the number from the previous two weeks.

To protect yourself and your organization from such phishing attacks, Check Point offers the following recommendations:

  1. Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
  2. Be cautious with files you receive via email from unknown senders, especially if they prompt you for a certain action you usually would not do.
  3. Ensure that you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails. Instead, search for your desired retailer and click the link from the search results page.
  4. Beware of "special" offers. "An exclusive cure for coronavirus for $150" is usually not a reliable or trustworthy purchase opportunity. At this point in time there is no cure for the coronavirus, and even if there were, it definitely would not be offered to you via email.
  5. Make sure you do not reuse passwords between different applications and accounts.
  6. Organizations should prevent zero-day attacks with end-to-end cyber architecture, block deceptive phishing sites, and provide alerts on password reuse in real time.
