If you’re a US citizen, scammers have found a new way to make money at your expense, using the global pandemic as a ‘hook.’ Since the start of the pandemic, there have been a number of campaigns designed and run by scammers to spread misinformation, steal vaccine research, and scam people out of money.
In the latest variant, the scammers send out emails, like baited hooks, that appear to come from a wide range of US government agencies and offer federal assistance.
Stripping away the details about the pandemic, these are classic phishing emails designed to collect a wealth of personal data that the scammers can use to help identify user names and passwords that could be used in credential stuffing attacks later on.
A typical email in this campaign will claim that the recipient may be entitled to thousands of dollars of pandemic relief assistance, and provide a link in the body of the email to “verify your eligibility.”
Naturally, if an unsuspecting user clicks the link, instead of being taken to a page that verifies eligibility, they'll be taken to a page containing capture boxes, and any information entered (name, address, social security number, income information, etc.) will be added to a growing database maintained by the scammers for use later.
A variant of the approach is to send potential victims a letter informing them that their pandemic relief payments have been temporarily suspended “due to suspicious activity” and include an embedded link. The link will give them the opportunity to have their payments restarted. Content differences aside, the page at the other end of the link works in exactly the same way as our first example.
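For mail administrators, the two lures described above can be turned into a simple triage rule. The following is an added example, not code from the original article: it flags a message that uses the quoted lure wording and links to a host outside `.gov`. The function names, the `.gov` rule (an assumption about where genuine federal sites live) and the sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Lure wording quoted in the article's two variants.
LURES = {
    "eligibility": re.compile(r"verify\s+your\s+eligibility", re.I),
    "suspension": re.compile(r"suspended.{0,40}suspicious\s+activity", re.I | re.S),
    "relief": re.compile(r"pandemic\s+relief", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_gov_host(host):
    # Assumption: genuine US federal sites are served from hosts ending in .gov.
    # Lookalikes such as irs.gov.claims-portal.example do not end in .gov.
    return host.lower().rstrip(".").endswith(".gov")

def body_text(msg):
    """Concatenate every text part (plain or HTML) of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    """Return (verdict, matched lures, non-.gov link hosts) for one message."""
    msg = message_from_string(raw_email)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    lures = sorted(name for name, rx in LURES.items() if rx.search(text))
    hosts = {urlparse(u).hostname for u in URL_RE.findall(text)}
    off_gov = sorted(h for h in hosts if h and not is_gov_host(h))
    verdict = "quarantine" if lures and off_gov else "review" if lures else "pass"
    return verdict, lures, off_gov

# Constructed sample of the "payments suspended" variant (not a real message).
SAMPLE_PHISH = (
    'From: "Federal Relief Office" <notice@relief-payments.example>\n'
    "Subject: Pandemic relief payment suspended\n"
    "\n"
    "Your pandemic relief payments have been temporarily suspended due to\n"
    "suspicious activity. Restart them here:\n"
    "https://irs.gov.claims-portal.example/restart\n"
)

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH))
```

A "review" verdict means lure wording was present but every link stayed on a `.gov` host, so the message is worth a human look rather than automatic quarantine.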
It doesn’t get much lower than this, but one thing we’ve come to understand is that hackers and scammers will stoop to just about anything. Most of us know someone who’s out of work because of the pandemic. Make sure they’re aware of these kinds of operations. If we work together, we can minimize the impact of these types of campaigns.