Cyber criminals using Gov.uk and HMRC logos in new phishing campaign

Cyber criminals have set up phishing websites mimicking those of Gov.uk and HMRC to exploit the COVID-19 pandemic and lure Internet users to share their personal and payment information.

In a recent blog post, security firm Proofpoint has revealed that cyber criminals are now setting up phishing websites to mimick those of organisations associated with COVID-19 financial assistance to steal Internet users' credentials and personal information.

Phishers have been creating duplicates of domains belonging to numerous governments and trusted non-governmental organizations such as WHO, the UK government, HMRC, the government of France, the government of Canada, the U.S. Internal Revenue Service, and Centers for Disease Control (CDC).

"Easily more than half of the 300+ COVID-19 phishing campaigns we’ve observed since January 2020 are focused on capturing user credentials. Credential phishing attackers often tailor their email lures with themes they believe will be the most effective and use general websites for actual credential harvesting.

"The recent move to create custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to harvest credentials," the firm said.

Following are a couple of screenshots of fake websites set up by cyber criminals since January this year:

phishing                         

Recently, cyber criminals also used fake certificate error warnings with graphics and formatting lifted from Cisco Webex emails to obtain Webex login credentials of thousands of users. "Cyber criminals are increasingly using typo-squat variants of domains relating to COVID-19 as organisations have not been able to proactively monitor or block these harmful social engineering techniques for fear of not communicating vital and valid information about the pandemic," said Robert Ramsden-Board, VP EMEA at Securonix.

"We recommend that organisations enable use cases that track increased activity to newly registered domains or rare in order to identify early indicators of suspicious activity. By flagging potentially malicious links from suspicious locations you can greatly reduce the chance of falling victim to social engineering techniques such as phishing. As more people work from home we will most likely see this become a sinister trend and security teams should stay a step ahead in order to reduce the impact of this activity," he added.

In its Q1 2020 Top-Clicked Phishing Report, security firm KnowBe4 revealed in April that phishing email attacks related to COVID-19 increased by 600% in the first quarter of the year, with 45 percent of all phishing attacks asked Internet users to either check or type in their passwords on malicious domains that spoofed legitimate ones.

The second most popular phishing attacks used COVID-19-related themes to create urgency and anxiety among recipients worldwide. The rest of the phishing attacks mainly targeted social media users and asked potential victims to check their emails for new login alerts, password resets and unauthorised access alerts.

MORE ABOUT: