silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,176
Cyber criminals are still attempting to exploit the coronavirus pandemic for their own gain and they're being helped by website templates that allow them to mimic government agencies and companies.
Researchers at cybersecurity company Proofpoint have identified over 300 phishing campaigns designed to steal personal information and bank details from victims – and many are using sites that are indistinguishable from the real thing, complete with authentic imagery and user interfaces.
The security company warned that these template make it easy for scammers to quickly create high-quality, malicious web domains to insert into their COVID-19 phishing campaigns.
Bodies from the World Health Organization, the US Centers for Disease Control, the IRS, the UK's HMRC and even local councils across London are being mimicked in ready-to-use campaigns.
Many of the templates that are available on underground forums and marketplaces also feature multiple pages, making them look more authentic – therefore helping to trick visitors about the true intentions of the websites.
For example, a phishing website designed to look like Canadian government services provide both English-speaking and French-speaking options for entering details – and indicates that the attackers want to cover all bases possible.
"It tells us that the threat actors behind these sites pay attention to where people are going and what they use and take care to make their sites as credible as possible," Sherrod DeGrippo, senior director of threat research and detection at Proofpoint, told ZDNet.
"This makes them look more legitimate and therefore more likely to gather the credentials from the user," she said.