
FBI Issues Warning About Targeted Email Phishing Attempts
The US Federal Bureau of Investigation (FBI) issued a FLASH alert regarding targeted email phishing attacks. These phishing emails attempt to steal user login credentials and infect computer systems. They may contain malware disguised as email attachments or direct the user to a harmful website. The attacks come from numerous scammers and hackers, as well as state-sponsored Advanced Persistent Threat (APT) groups.
Cyber security researchers, the FBI, and other law enforcement agencies have identified numerous COVID-19 scams. These email phishing campaigns contain malicious file attachments and cloaked URLs that lead to spoofed websites. The attacks play upon people’s fears and concerns stemming from the COVID-19 pandemic. These attacks first appeared as imposter scams in Asian countries. The contents of the emails often claim that the attachments are official notices informing the recipient of a nearby outbreak. Some of them even contained slightly helpful information.
The FBI alert was forwarded by the New Jersey Cybersecurity & Communications Integration Cell (NJCCIC).
Scammers, hackers, and nation-state Advanced Persistent Threat (APT) groups are using COVID-19 themed cyber attacks to steal credentials, money, and financial information. The attacks usually contain wording and/or email attachments that appear to be helpful healthcare data, pandemic information, and official notices. The emails, attachments, and malicious websites may be crafted to look exactly like official government websites. The scams may also be designed to look like official communications from the World Health Organization, the US Center for Disease Control, or any number of health organizations across the globe.
Early COVID-19 themed phishing campaigns began in areas where the pandemic started and followed its spread across the globe. Scammers use scare tactics or a sense of urgency to trick the recipient into downloading email attachments that contain malware. The reader may also be urged to click on a link in the body of the email. The link leads them to a malicious website. These websites steal user credentials and sensitive data, which results in monetary theft or identity theft.
The phishing emails attempt to steal online account credentials such as Microsoft Office 365 accounts, email passwords, video conferencing service logins, or financial account information. The content of the emails is designed to frighten the recipient into clicking on links that send them to malicious websites. The websites supposedly require authentication to proceed. If the user enters any information, the hackers harvest it. The victim is then redirected to an official website like the World Health Organization’s (WHO) Coronavirus information page, so they do not suspect anything is amiss.
Nation-state sponsored hackers are responsible for many of these targeted phishing campaigns. Attacks of this type are generally targeted at large corporations, critical infrastructure, political organizations, and high-profile people. APT groups typically steal money to fund other activities for their sponsoring nations. They may also steal sensitive corporate data, trade secrets, and conduct espionage on behalf of their sponsor.
Numerous attacks have surfaced since the beginning of the pandemic. The overall number of attacks doesn’t necessarily increase during catastrophes. There are only so many hackers and resources out there. Hackers turn their efforts to exploiting world news events, natural disasters, and high-profile crises to quickly trick people into giving up money, credit card numbers, login information, and other sensitive data. The hope is that if they launch cyber attacks quickly, they can profit from a successful campaign.
This FLASH alert was released as Traffic Light Protocol (TLP): WHITE and was coordinated with DHS CISA.
Example Malicious Filenames
Like many phishing email scams, the malicious email attachments contain misspellings which can help identify them. The files are intentionally named using COVID-19 wording to trick the recipient of the phishing email into trusting that the file contains helpful information related to
• Covid-19_zip.bin
• COVID-19.rar
• Attachments-Fwd_ Proforma for COVID-19.zip
• COVID-19 WHO RECOMENDED V.gz
• COVID-19 WHO RECOMENDED V.exe
• Covid 19 Immunity Tips (2).zip
• zbetcheckin_tracker_COVID-19.jar
• AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
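The traits visible in the filenames above (COVID-19 lure wording, a misspelled word, and a document-style name placed in front of an executable extension) can be checked by a mail filter. The following is an added example, not part of the FBI alert or of this article; the extension sets, the vocabulary list, and the quarantine policy are assumptions chosen for illustration.

```python
import difflib
import re
from pathlib import PurePath

EXECUTABLE = {".exe", ".jar", ".bin", ".scr", ".js", ".vbs"}  # assumed policy set
ARCHIVE = {".zip", ".rar", ".gz", ".7z"}                      # assumed policy set
# A document type written just before the real extension, e.g. "_pdf" in "_pdf.exe".
DECOY = re.compile(r"[._ ](pdf|docx?|xlsx?|zip|txt)$", re.I)
LURE = re.compile(r"covid|corona", re.I)
# Constructed vocabulary: words a genuine health notice would spell correctly.
VOCAB = ["recommended", "awareness", "notice", "coronavirus", "document", "immunity"]


def assess_attachment(filename: str) -> set[str]:
    """Return the heuristic flags raised by an attachment filename."""
    path = PurePath(filename.strip())
    ext, stem = path.suffix.lower(), path.stem
    flags = set()
    if ext in EXECUTABLE:
        flags.add("executable")
        if DECOY.search(stem):
            flags.add("disguised-extension")
    elif ext in ARCHIVE:
        flags.add("archive")
    if LURE.search(filename):
        flags.add("covid-lure")
    # A word that is close to, but not exactly, a vocabulary word is a misspelling.
    for token in re.findall(r"[a-z]{5,}", filename.lower()):
        close = difflib.get_close_matches(token, VOCAB, n=1, cutoff=0.85)
        if close and close[0] != token:
            flags.add("misspelling")
    return flags


def should_quarantine(filename: str) -> bool:
    """Assumed policy: hold any executable, and any archive carrying lure wording."""
    flags = assess_attachment(filename)
    return "executable" in flags or {"archive", "covid-lure"} <= flags


if __name__ == "__main__":
    # Two names from the list above plus one constructed benign name.
    for name in ("COVID-19 WHO RECOMENDED V.gz",
                 "AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe",
                 "Q3 budget review.pdf"):
        print(f"{name!r}: {sorted(assess_attachment(name))} "
              f"quarantine={should_quarantine(name)}")
```

Filename heuristics like these only prioritize messages for inspection; the attachment content still needs scanning, since a sender can rename a file freely.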
Associated Malicious Websites